CVE-2022-2056 – libtiff: division by zero issues in tiffcrop
https://notcve.org/view.php?id=CVE-2022-2056
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted tiff file. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json https://gitlab.com/libtiff/libtiff/-/issues/415 https://gitlab.com/libtiff/libtiff/-/merge_requests/346 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS https:// • CWE-369: Divide By Zero •
CVE-2022-1623
https://notcve.org/view.php?id=CVE-2022-1623
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:624, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff desde las fuentes, la corrección está disponible con el commit b4e79bfa • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK https://security.gentoo.org/glsa/202210-10 https://security.net • CWE-125: Out-of-bounds Read •
CVE-2022-1622
https://notcve.org/view.php?id=CVE-2022-1622
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit b4e79bfa • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.o • CWE-125: Out-of-bounds Read •
CVE-2022-1210 – LibTIFF tiff2ps resource consumption
https://notcve.org/view.php?id=CVE-2022-1210
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. • https://gitlab.com/libtiff/libtiff/-/issues/402 https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20220513-0005 https://vuldb.com/?id.196363 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVE-2022-1056
https://notcve.org/view.php?id=CVE-2022-1056
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. Un error de lectura fuera de límites en tiffcrop en libtiff versión 4.3.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit 46dc8fcd • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json https://gitlab.com/libtiff/libtiff/-/issues/391 https://gitlab.com/libtiff/libtiff/-/merge_requests/307 https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20221228-0008 • CWE-125: Out-of-bounds Read •