Source: tiff
Version: 4.4.0-5
Severity: important
Tags: security

Hello,

The following vulnerabilities had been published for tiff:

CVE-2022-2519[0]:
| There is a double free or corruption in rotateImage() at
| tiffcrop.c:8839 found in libtiff 4.4.0rc1

https://gitlab.com/libtiff/libtiff/-/issues/423
https://gitlab.com/libtiff/libtiff/-/merge_requests/378
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba

CVE-2022-2520[1]:
| A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion
| fail in rotateImage() at tiffcrop.c:8621 that can cause program crash
| when reading a crafted input.

https://gitlab.com/libtiff/libtiff/-/issues/424
https://gitlab.com/libtiff/libtiff/-/merge_requests/378
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba

CVE-2022-2521[2]:
| It was found in libtiff 4.4.0rc1 that there is an invalid pointer free
| operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522
| that can cause a program crash and denial of service while processing
| crafted input.

https://gitlab.com/libtiff/libtiff/-/issues/422
https://gitlab.com/libtiff/libtiff/-/merge_requests/378
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba

CVE-2022-2953[3]:
| LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in
| tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service
| via a crafted tiff file. For users that compile libtiff from sources,
| the fix is available with commit 48d6ece8.

https://gitlab.com/libtiff/libtiff/-/issues/414
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba

I saw they are marked as "unimportant" in Debian's security tracker, but
I thought I would file this bug report anyway.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2519
    https://www.cve.org/CVERecord?id=CVE-2022-2519
[1] https://security-tracker.debian.org/tracker/CVE-2022-2520
    https://www.cve.org/CVERecord?id=CVE-2022-2520
[2] https://security-tracker.debian.org/tracker/CVE-2022-2521
    https://www.cve.org/CVERecord?id=CVE-2022-2521
[3] https://security-tracker.debian.org/tracker/CVE-2022-2953
    https://www.cve.org/CVERecord?id=CVE-2022-2953

Please adjust the affected versions in the BTS as needed.

Best,
amin