An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-2020
Final
1.0
1.0
2022-10-28
Initial
2022-10-28
2022-10-28
openEuler SA Tool V1.0
2022-10-28
libtiff security update
An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.
Security Fix(es):
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact(CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3597)
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.(CVE-2022-3599)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.(CVE-2022-3598)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3626)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3627)
An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Critical
libtiff
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3570
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3597
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3599
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3598
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3626
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3627
https://nvd.nist.gov/vuln/detail/CVE-2022-3570
https://nvd.nist.gov/vuln/detail/CVE-2022-3597
https://nvd.nist.gov/vuln/detail/CVE-2022-3599
https://nvd.nist.gov/vuln/detail/CVE-2022-3598
https://nvd.nist.gov/vuln/detail/CVE-2022-3626
https://nvd.nist.gov/vuln/detail/CVE-2022-3627
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
libtiff-debuginfo-4.3.0-6.oe1.aarch64.rpm
libtiff-debugsource-4.3.0-6.oe1.aarch64.rpm
libtiff-4.3.0-6.oe1.aarch64.rpm
libtiff-devel-4.3.0-6.oe1.aarch64.rpm
libtiff-debuginfo-4.3.0-6.oe1.aarch64.rpm
libtiff-4.3.0-6.oe1.aarch64.rpm
libtiff-debugsource-4.3.0-6.oe1.aarch64.rpm
libtiff-devel-4.3.0-6.oe1.aarch64.rpm
libtiff-debugsource-4.3.0-20.oe2203.aarch64.rpm
libtiff-static-4.3.0-20.oe2203.aarch64.rpm
libtiff-tools-4.3.0-20.oe2203.aarch64.rpm
libtiff-4.3.0-20.oe2203.aarch64.rpm
libtiff-devel-4.3.0-20.oe2203.aarch64.rpm
libtiff-debuginfo-4.3.0-20.oe2203.aarch64.rpm
libtiff-help-4.3.0-6.oe1.noarch.rpm
libtiff-help-4.3.0-6.oe1.noarch.rpm
libtiff-help-4.3.0-20.oe2203.noarch.rpm
libtiff-4.3.0-6.oe1.src.rpm
libtiff-4.3.0-6.oe1.src.rpm
libtiff-4.3.0-20.oe2203.src.rpm
libtiff-debuginfo-4.3.0-6.oe1.x86_64.rpm
libtiff-4.3.0-6.oe1.x86_64.rpm
libtiff-debugsource-4.3.0-6.oe1.x86_64.rpm
libtiff-devel-4.3.0-6.oe1.x86_64.rpm
libtiff-debuginfo-4.3.0-6.oe1.x86_64.rpm
libtiff-devel-4.3.0-6.oe1.x86_64.rpm
libtiff-debugsource-4.3.0-6.oe1.x86_64.rpm
libtiff-4.3.0-6.oe1.x86_64.rpm
libtiff-static-4.3.0-20.oe2203.x86_64.rpm
libtiff-tools-4.3.0-20.oe2203.x86_64.rpm
libtiff-4.3.0-20.oe2203.x86_64.rpm
libtiff-devel-4.3.0-20.oe2203.x86_64.rpm
libtiff-debuginfo-4.3.0-20.oe2203.x86_64.rpm
libtiff-debugsource-4.3.0-20.oe2203.x86_64.rpm
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
2022-10-28
CVE-2022-3570
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
libtiff security update
2022-10-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
2022-10-28
CVE-2022-3597
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
libtiff security update
2022-10-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
2022-10-28
CVE-2022-3599
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
libtiff security update
2022-10-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
2022-10-28
CVE-2022-3598
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
libtiff security update
2022-10-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
2022-10-28
CVE-2022-3626
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
libtiff security update
2022-10-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
2022-10-28
CVE-2022-3627
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
libtiff security update
2022-10-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020