Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 891839 (CVE-2022-48281)

Summary: <media-libs/tiff-4.5.0-r1: heap buffer overflow in tiffcrop
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: codec
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/29426
https://bugs.gentoo.org/show_bug.cgi?id=895900
Whiteboard: C2 [glsa+]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 14:46:03 UTC
CVE-2022-48281 (https://gitlab.com/libtiff/libtiff/-/issues/488):

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

Patch: https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

C given the issue is in a likely little used extra tool distributed with libtiff.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 19:02:41 UTC
Ugh. The Gitlab issues are *filled* with issues in tiffcrop.

https://gitlab.com/libtiff/libtiff/-/issues
Comment 2 Michael Vetter 2023-02-04 19:01:34 UTC
I created https://github.com/gentoo/gentoo/pull/29426 with a fix for this.
It is a long time ago that I worked with ebuilds so please be patient in case I made any mistakes in my changes or in the process.

Would be happy to get some feedback and improve in case something is not right.
Comment 3 Larry the Git Cow gentoo-dev 2023-02-07 04:30:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a7119ce544ba3de8179b4b9ec93c0032a069ecd

commit 7a7119ce544ba3de8179b4b9ec93c0032a069ecd
Author:     Michael Vetter <jubalh@iodoru.org>
AuthorDate: 2023-02-04 18:56:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-07 04:29:50 +0000

    media-libs/tiff: Fix CVE-2022-48281
    
    Bug: https://bugs.gentoo.org/891839
    Upstream: https://gitlab.com/libtiff/libtiff/-/issues/488
    Signed-off-by: Michael Vetter <jubalh@iodoru.org>
    Closes: https://github.com/gentoo/gentoo/pull/29426
    Signed-off-by: Sam James <sam@gentoo.org>

 .../tiff/files/tiff-4.5.0-CVE-2022-48281.patch     | 14 ++++
 media-libs/tiff/tiff-4.5.0-r1.ebuild               | 90 ++++++++++++++++++++++
 2 files changed, 104 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-07 04:30:45 UTC
(In reply to Michael Vetter from comment #2)
> I created https://github.com/gentoo/gentoo/pull/29426 with a fix for this.
> It is a long time ago that I worked with ebuilds so please be patient in
> case I made any mistakes in my changes or in the process.
> 
> Would be happy to get some feedback and improve in case something is not
> right.

Thank you!
Comment 5 Larry the Git Cow gentoo-dev 2023-05-13 21:36:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9250f44e52874c9bc51637f4d57c7a61a4f88063

commit 9250f44e52874c9bc51637f4d57c7a61a4f88063
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-13 21:36:06 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-13 21:36:23 +0000

    media-libs/tiff: drop 4.5.0, 4.5.0-r1
    
    Bug: https://bugs.gentoo.org/895900
    Bug: https://bugs.gentoo.org/891839
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/tiff/tiff-4.5.0-r1.ebuild | 90 ------------------------------------
 media-libs/tiff/tiff-4.5.0.ebuild    | 89 -----------------------------------
 2 files changed, 179 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-29 04:37:50 UTC
GLSA request filed.
Comment 7 Larry the Git Cow gentoo-dev 2023-05-30 03:05:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d6e726fbb202042644e22b21b37486e541d63ba0

commit d6e726fbb202042644e22b21b37486e541d63ba0
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:01:32 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

    [ GLSA 202305-31 ] LibTIFF: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/891839
    Bug: https://bugs.gentoo.org/895900
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-31.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 03:08:34 UTC
GLSA released, all done!