CVE-2022-1210: A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
CVE-2022-1622 (https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a): https://gitlab.com/libtiff/libtiff/-/issues/410 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. CVE-2022-1623 (https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a): https://gitlab.com/libtiff/libtiff/-/issues/410 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. Patch available, don't seem to be in any release.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcf80a84c69f026b3e7df8bec1b0732c2dc7b658 commit bcf80a84c69f026b3e7df8bec1b0732c2dc7b658 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-05-21 00:07:26 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-21 00:09:23 +0000 media-libs/tiff: add 4.4.0_rc1 (unkeyworded) Bug: https://bugs.gentoo.org/821925 Bug: https://bugs.gentoo.org/830981 Bug: https://bugs.gentoo.org/837560 Signed-off-by: Sam James <sam@gentoo.org> media-libs/tiff/Manifest | 2 + .../files/tiff-4.4.0_rc1-skip-thumbnail-test.patch | 32 ++++++++ media-libs/tiff/tiff-4.4.0_rc1.ebuild | 91 ++++++++++++++++++++++ 3 files changed, 125 insertions(+)
Not going to adapt version yet in summary given it's unkeyworded and won't be keyworded. Release is soon.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cc08f3f2c6514182ca627689da2b5472c1035a7 commit 1cc08f3f2c6514182ca627689da2b5472c1035a7 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-05-28 05:28:10 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-28 05:28:10 +0000 media-libs/tiff: add 4.4.0, drop 4.4.0_rc1 Bug: https://bugs.gentoo.org/830981 Bug: https://bugs.gentoo.org/837560 Closes: https://bugs.gentoo.org/821925 Signed-off-by: Sam James <sam@gentoo.org> media-libs/tiff/Manifest | 4 ++-- media-libs/tiff/{tiff-4.4.0_rc1.ebuild => tiff-4.4.0.ebuild} | 0 2 files changed, 2 insertions(+), 2 deletions(-)
CVE-2022-1354: A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. Patch: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 Issue: https://gitlab.com/libtiff/libtiff/-/issues/319 CVE-2022-1355: A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. Issue: https://gitlab.com/libtiff/libtiff/-/issues/400 Fix: https://gitlab.com/libtiff/libtiff/-/commit/fb1db384959698edd6caeea84e28253d272a0f96 Fixed in 4.4.0.
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9323b51c5a02aa440a14eb7aaebea235ed683626 commit 9323b51c5a02aa440a14eb7aaebea235ed683626 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:08:31 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:14 +0000 [ GLSA 202210-10 ] LibTIFF: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/830981 Bug: https://bugs.gentoo.org/837560 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-10.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+)
GLSA released, all done!
