CVE-2022-22844: LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. Merge request: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
[CVE-2022-0561] Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
URL: https://gitlab.com/libtiff/libtiff/-/issues/362
Patch: https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef

[CVE-2022-0562] Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
URL: https://gitlab.com/libtiff/libtiff/-/issues/362
Patch: https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0924 (https://gitlab.com/libtiff/libtiff/-/issues/278): Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Patch: https://gitlab.com/libtiff/libtiff/-/commit/408976c44ef0aad975e0d1b6c6dc80d60f9dc665

CVE-2022-0909 (https://gitlab.com/libtiff/libtiff/-/issues/393): Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
Patch: https://gitlab.com/libtiff/libtiff/-/commit/408976c44ef0aad975e0d1b6c6dc80d60f9dc665

CVE-2022-0908 (https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json): Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Patch: https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85

CVE-2022-0907 (https://gitlab.com/libtiff/libtiff/-/issues/392): Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
Patch: https://gitlab.com/libtiff/libtiff/-/commit/f2b656e2e64adde07a6cffd5c8e96bd81a850fea

CVE-2022-0865 (https://gitlab.com/libtiff/libtiff/-/issues/385): Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
Patch: https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067

CVE-2022-0891 (https://gitlab.com/libtiff/libtiff/-/issues/382): A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Patch: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

All apparently unreleased.
*** Bug 835759 has been marked as a duplicate of this bug. ***
CVE-2022-1056 (https://gitlab.com/libtiff/libtiff/-/merge_requests/307): https://gitlab.com/libtiff/libtiff/-/issues/391 Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcf80a84c69f026b3e7df8bec1b0732c2dc7b658

commit bcf80a84c69f026b3e7df8bec1b0732c2dc7b658
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-21 00:07:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-21 00:09:23 +0000

    media-libs/tiff: add 4.4.0_rc1 (unkeyworded)

    Bug: https://bugs.gentoo.org/821925
    Bug: https://bugs.gentoo.org/830981
    Bug: https://bugs.gentoo.org/837560
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/tiff/Manifest | 2 +
 .../files/tiff-4.4.0_rc1-skip-thumbnail-test.patch | 32 ++++++++
 media-libs/tiff/tiff-4.4.0_rc1.ebuild | 91 ++++++++++++++++++++++
 3 files changed, 125 insertions(+)
Not going to adapt version yet in summary given it's unkeyworded and won't be keyworded. Release is soon.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cc08f3f2c6514182ca627689da2b5472c1035a7

commit 1cc08f3f2c6514182ca627689da2b5472c1035a7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-28 05:28:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-28 05:28:10 +0000

    media-libs/tiff: add 4.4.0, drop 4.4.0_rc1

    Bug: https://bugs.gentoo.org/830981
    Bug: https://bugs.gentoo.org/837560
    Closes: https://bugs.gentoo.org/821925
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/tiff/Manifest | 4 ++--
 media-libs/tiff/{tiff-4.4.0_rc1.ebuild => tiff-4.4.0.ebuild} | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
GLSA request filed.
cleanup done.
Thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9323b51c5a02aa440a14eb7aaebea235ed683626

commit 9323b51c5a02aa440a14eb7aaebea235ed683626
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:08:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:14 +0000

    [ GLSA 202210-10 ] LibTIFF: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/830981
    Bug: https://bugs.gentoo.org/837560
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-10.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
GLSA released, all done!