Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
- CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
- CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066).
- CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072).
- CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073).
- CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074).
- CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631).
- CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).
Список пакетов
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2022:1667-1
- E-Mail link for SUSE-SU-2022:1667-1
- SUSE Security Ratings
- SUSE Bug 1195964
- SUSE Bug 1195965
- SUSE Bug 1197066
- SUSE Bug 1197068
- SUSE Bug 1197072
- SUSE Bug 1197073
- SUSE Bug 1197074
- SUSE Bug 1197631
- SUSE CVE CVE-2022-0561 page
- SUSE CVE CVE-2022-0562 page
- SUSE CVE CVE-2022-0865 page
- SUSE CVE CVE-2022-0891 page
- SUSE CVE CVE-2022-0908 page
- SUSE CVE CVE-2022-0909 page
- SUSE CVE CVE-2022-0924 page
- SUSE CVE CVE-2022-1056 page
Описание
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
Затронутые продукты
Ссылки
- CVE-2022-0561
- SUSE Bug 1195964
Описание
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Затронутые продукты
Ссылки
- CVE-2022-0562
- SUSE Bug 1195965
- SUSE Bug 1201723
Описание
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
Затронутые продукты
Ссылки
- CVE-2022-0865
- SUSE Bug 1197066
Описание
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Затронутые продукты
Ссылки
- CVE-2022-0891
- SUSE Bug 1197068
Описание
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Затронутые продукты
Ссылки
- CVE-2022-0908
- SUSE Bug 1197074
Описание
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
Затронутые продукты
Ссылки
- CVE-2022-0909
- SUSE Bug 1197072
Описание
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Затронутые продукты
Ссылки
- CVE-2022-0924
- SUSE Bug 1197073
Описание
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
Затронутые продукты
Ссылки
- CVE-2022-1056
- SUSE Bug 1197631