Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).
Список пакетов
Container suse/nginx:latest
libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest
libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SAP-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAP-Azure-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAP-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAPCAL-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAPCAL-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP1-SAPCAL-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP2-SAP-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAP-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAPCAL-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP3-SAPCAL-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-Hardened-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-Hardened-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-Hardened-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-Hardened-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAP-Hardened-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAPCAL
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAPCAL-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAPCAL-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SAPCAL-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2-HVM
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-Hardened-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-Hardened-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-Hardened-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Azure-3P
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Hardened-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Hardened-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAP-Hardened-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAPCAL-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAPCAL-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP5-SAPCAL-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-BYOS
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-EC2
libtiff5-4.0.9-45.5.1
Image SLES15-SP6-SAP-Hardened-GCE
libtiff5-4.0.9-45.5.1
SUSE Enterprise Storage 6
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Enterprise Storage 7
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
libtiff5-32bit-4.0.9-45.5.1
tiff-4.0.9-45.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
tiff-4.0.9-45.5.1
SUSE Linux Enterprise Real Time 15 SP2
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server 15 SP1-BCL
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server 15 SP2-BCL
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server 15-LTSS
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server for SAP Applications 15
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Manager Proxy 4.1
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Manager Retail Branch Server 4.1
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
SUSE Manager Server 4.1
libtiff-devel-4.0.9-45.5.1
libtiff5-4.0.9-45.5.1
libtiff5-32bit-4.0.9-45.5.1
Ссылки
- Link for SUSE-SU-2022:0480-1
- E-Mail link for SUSE-SU-2022:0480-1
- SUSE Security Ratings
- SUSE Bug 1071031
- SUSE Bug 1154365
- SUSE Bug 1182808
- SUSE Bug 1182809
- SUSE Bug 1182811
- SUSE Bug 1182812
- SUSE Bug 1190312
- SUSE Bug 1194539
- SUSE CVE CVE-2017-17095 page
- SUSE CVE CVE-2019-17546 page
- SUSE CVE CVE-2020-19131 page
- SUSE CVE CVE-2020-35521 page
- SUSE CVE CVE-2020-35522 page
- SUSE CVE CVE-2020-35523 page
- SUSE CVE CVE-2020-35524 page
- SUSE CVE CVE-2022-22844 page
Описание
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2017-17095
- SUSE Bug 1071031
Описание
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2019-17546
- SUSE Bug 1154365
Описание
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2020-19131
- SUSE Bug 1190312
Описание
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2020-35521
- SUSE Bug 1182808
- SUSE Bug 1200195
Описание
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2020-35522
- SUSE Bug 1182809
- SUSE Bug 1200195
Описание
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2020-35523
- SUSE Bug 1182811
- SUSE Bug 1200195
Описание
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2020-35524
- SUSE Bug 1182812
- SUSE Bug 1200195
Описание
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-45.5.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-BYOS:libtiff5-4.0.9-45.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-45.5.1
Ссылки
- CVE-2022-22844
- SUSE Bug 1194539