Description
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2015-8683: Fixed out-of-bounds read when reading CIE Lab image format files (bsc#1156754).
- CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4-LTSS
References
- Link for SUSE-SU-2022:14888-1
- E-Mail link for SUSE-SU-2022:14888-1
- SUSE Security Ratings
- SUSE Bug 1156749
- SUSE Bug 1156754
- SUSE Bug 1182808
- SUSE Bug 1182809
- SUSE Bug 1182811
- SUSE Bug 1182812
- SUSE CVE CVE-2015-8665 page
- SUSE CVE CVE-2015-8683 page
- SUSE CVE CVE-2020-35521 page
- SUSE CVE CVE-2020-35522 page
- SUSE CVE CVE-2020-35523 page
- SUSE CVE CVE-2020-35524 page
Description
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Affected products
References
- CVE-2015-8665
- SUSE Bug 1156749
- SUSE Bug 1156754
- SUSE Bug 1200195
Description
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
Affected products
References
- CVE-2015-8683
- SUSE Bug 1156749
- SUSE Bug 1156754
- SUSE Bug 1200195
Description
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Affected products
References
- CVE-2020-35521
- SUSE Bug 1182808
- SUSE Bug 1200195
Description
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Affected products
References
- CVE-2020-35522
- SUSE Bug 1182809
- SUSE Bug 1200195
Description
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected products
References
- CVE-2020-35523
- SUSE Bug 1182811
- SUSE Bug 1200195
Description
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected products
References
- CVE-2020-35524
- SUSE Bug 1182812
- SUSE Bug 1200195