VYPR

rpm package

suse/tiff&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (37)

  • CVE-2022-48281 Jan 23, 2023
    affected < 4.0.9-44.65.1, fixed 4.0.9-44.65.1

    processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

  • CVE-2022-3970 Nov 13, 2022
    affected < 4.0.9-44.59.1, fixed 4.0.9-44.59.1

    A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t

  • CVE-2022-3627 Oct 21, 2022
    affected < 4.0.9-44.59.1, fixed 4.0.9-44.59.1

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl

  • CVE-2022-3626 Oct 21, 2022
    affected < 4.0.9-44.59.1, fixed 4.0.9-44.59.1

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availa

  • CVE-2022-3599 Oct 21, 2022
    affected < 4.0.9-44.59.1, fixed 4.0.9-44.59.1

    LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

  • CVE-2022-3597 Oct 21, 2022
    affected < 4.0.9-44.59.1, fixed 4.0.9-44.59.1

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl

  • CVE-2022-2521 Aug 31, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

  • CVE-2022-2520 Aug 31, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.

  • CVE-2022-2519 Aug 31, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1.

  • CVE-2022-2869 Aug 17, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with ti

  • CVE-2022-2868 Aug 17, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    libtiff's tiffcrop utility has an improper input validation flaw that can lead to an out-of-bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

  • CVE-2022-2867 Aug 17, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploita

  • CVE-2022-34526 Jul 29, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

  • CVE-2022-34266 Jul 19, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset

  • CVE-2022-0561 Feb 11, 2022
    affected < 4.0.9-44.56.1, fixed 4.0.9-44.56.1

    Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commi

  • CVE-2022-22844 Jan 8, 2022
    affected < 4.0.9-44.45.1, fixed 4.0.9-44.45.1

    LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

  • CVE-2020-19131 Sep 7, 2021
    affected < 4.0.9-44.45.1, fixed 4.0.9-44.45.1

    Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".

  • CVE-2020-35524 Mar 9, 2021
    affected < 4.0.9-44.45.1, fixed 4.0.9-44.45.1

    A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava

  • CVE-2020-35523 Mar 9, 2021
    affected < 4.0.9-44.45.1, fixed 4.0.9-44.45.1

    An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as s

  • CVE-2020-35522 Mar 9, 2021
    affected < 4.0.9-44.45.1, fixed 4.0.9-44.45.1

    In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

Page 1 of 2