SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-480

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-480

Security update for tiff

Type: security

Severity: important

Issued: 2022-02-17

Description:

This update for tiff fixes the following issues:

- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).

References

CVE: CVE-2022-22844
CVE: CVE-2020-35524
CVE: CVE-2020-35523
CVE: CVE-2020-35522
CVE: CVE-2020-35521
CVE: CVE-2020-19131
CVE: CVE-2019-17546
CVE: CVE-2017-17095
Bugzilla: 1194539 VUL-1: CVE-2022-22844: tiff: out-of-bounds read in _TIFFmemcpy in tif_unix.c
Bugzilla: 1190312 VUL-0: CVE-2020-19131: tiff: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
Bugzilla: 1182812 VUL-0: CVE-2020-35524: tiff: Heap-based buffer overflow in TIFF2PDF tool
Bugzilla: 1182811 VUL-0: CVE-2020-35523: tiff: Integer overflow in tif_getimage.c
Bugzilla: 1182809 VUL-1: CVE-2020-35522: tiff: Memory allocation failure in tif_pixarlog.c
Bugzilla: 1182808 VUL-1: CVE-2020-35521: tiff: Memory allocation failure in tif_read.c
Bugzilla: 1154365 VUL-1: CVE-2019-17546: tiff: integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image
Bugzilla: 1071031 VUL-0: CVE-2017-17095: tiff: tools/pal2rgb.c in pal2rgb allows remote attackers to cause DoS (TIFFSetupStrips heap-based buffer overflow and application crash)

Packages

tiff-4.0.9-45.5.1