Bug 891839 (CVE-2022-48281) - <media-libs/tiff-4.5.0-r1: heap buffer overflow in tiffcrop
Summary: <media-libs/tiff-4.5.0-r1: heap buffer overflow in tiffcrop
Status: RESOLVED FIXED
Alias: CVE-2022-48281
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: C2 [glsa+]
Keywords: PullRequest
Reported: 2023-01-23 14:46 UTC by John Helmert III
Modified: 2023-05-30 03:08 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 14:46:03 UTC
CVE-2022-48281 (https://gitlab.com/libtiff/libtiff/-/issues/488):

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

Patch: https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

C given the issue is in a likely little used extra tool distributed with libtiff.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 19:02:41 UTC
Ugh. The Gitlab issues are *filled* with issues in tiffcrop.

https://gitlab.com/libtiff/libtiff/-/issues
Comment 2 Michael Vetter 2023-02-04 19:01:34 UTC
I created https://github.com/gentoo/gentoo/pull/29426 with a fix for this.
It is a long time ago that I worked with ebuilds so please be patient in case I made any mistakes in my changes or in the process.

Would be happy to get some feedback and improve in case something is not right.
Comment 3 Larry the Git Cow gentoo-dev 2023-02-07 04:30:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a7119ce544ba3de8179b4b9ec93c0032a069ecd

commit 7a7119ce544ba3de8179b4b9ec93c0032a069ecd
Author:     Michael Vetter <jubalh@iodoru.org>
AuthorDate: 2023-02-04 18:56:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-07 04:29:50 +0000

    media-libs/tiff: Fix CVE-2022-48281
    
    Bug: https://bugs.gentoo.org/891839
    Upstream: https://gitlab.com/libtiff/libtiff/-/issues/488
    Signed-off-by: Michael Vetter <jubalh@iodoru.org>
    Closes: https://github.com/gentoo/gentoo/pull/29426
    Signed-off-by: Sam James <sam@gentoo.org>

 .../tiff/files/tiff-4.5.0-CVE-2022-48281.patch     | 14 ++++
 media-libs/tiff/tiff-4.5.0-r1.ebuild               | 90 ++++++++++++++++++++++
 2 files changed, 104 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-07 04:30:45 UTC
(In reply to Michael Vetter from comment #2)
> I created https://github.com/gentoo/gentoo/pull/29426 with a fix for this.
> It is a long time ago that I worked with ebuilds so please be patient in
> case I made any mistakes in my changes or in the process.
> 
> Would be happy to get some feedback and improve in case something is not
> right.

Thank you!
Comment 5 Larry the Git Cow gentoo-dev 2023-05-13 21:36:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9250f44e52874c9bc51637f4d57c7a61a4f88063

commit 9250f44e52874c9bc51637f4d57c7a61a4f88063
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-13 21:36:06 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-13 21:36:23 +0000

    media-libs/tiff: drop 4.5.0, 4.5.0-r1
    
    Bug: https://bugs.gentoo.org/895900
    Bug: https://bugs.gentoo.org/891839
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/tiff/tiff-4.5.0-r1.ebuild | 90 ------------------------------------
 media-libs/tiff/tiff-4.5.0.ebuild    | 89 -----------------------------------
 2 files changed, 179 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-29 04:37:50 UTC
GLSA request filed.
Comment 7 Larry the Git Cow gentoo-dev 2023-05-30 03:05:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d6e726fbb202042644e22b21b37486e541d63ba0

commit d6e726fbb202042644e22b21b37486e541d63ba0
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:01:32 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

    [ GLSA 202305-31 ] LibTIFF: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/891839
    Bug: https://bugs.gentoo.org/895900
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-31.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 03:08:34 UTC
GLSA released, all done!