CVE-2022-3570 – libtiff: heap Buffer overflows in tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-3570
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact Múltiples desbordamientos del búfer de la pila en la utilidad tiffcrop.c de libtiff library versión 4.4.0, permiten a un atacante desencadenar un acceso a la memoria no seguro o fuera de límites por medio de un archivo de imagen TIFF diseñado, lo que podría resultar en un bloqueo de la aplicación, una posible divulgación de información o cualquier otro impacto dependiente del contexto A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c https://gitlab.com/libtiff/libtiff/-/issues/381 https://gitlab.com/libtiff/libtiff/-/issues/386 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://security.netapp.com/advisory/ntap-20230203-0002 https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-3570 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-3598 – libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-3598
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. LibTIFF versión 4.4.0, presenta una escritura fuera de límites en extractContigSamplesShifted24bits en el archivo tools/tiffcrop.c:3604, lo que permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para los usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit cfbb883b An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff https://gitlab.com/libtiff/libtiff/-/issues/435 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://security.netapp.com/advisory/ntap-20230110-0001 https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 • CWE-787: Out-of-bounds Write •
CVE-2022-2521 – libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c
https://notcve.org/view.php?id=CVE-2022-2521
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. Se ha encontrado en libtiff versión 4.4.0rc1. que se presenta una operación de liberación de puntero no válida en la función TIFFClose() en el archivo tif_close.c:131 llamada por tiffcrop.c:2522 que puede causar un fallo del programa y una denegación de servicio mientras es procesada un entrada diseñada • https://gitlab.com/libtiff/libtiff/-/issues/422 https://gitlab.com/libtiff/libtiff/-/merge_requests/378 https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-2521 https://bugzilla.redhat.com/show_bug.cgi?id=2122799 • CWE-763: Release of Invalid Pointer or Reference •
CVE-2022-2520 – libtiff: Assertion fail in rotateImage() function at tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-2520
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. Se ha encontrado un fallo en libtiff versión 4.4.0rc1. Se presenta un fallo de aserción de sysmalloc en la función rotateImage() en el archivo tiffcrop.c:8621 que puede causar la caída del programa cuando es leída una entrada diseñada • https://gitlab.com/libtiff/libtiff/-/issues/424 https://gitlab.com/libtiff/libtiff/-/merge_requests/378 https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-2520 https://bugzilla.redhat.com/show_bug.cgi?id=2122792 • CWE-131: Incorrect Calculation of Buffer Size CWE-617: Reachable Assertion •
CVE-2022-1354 – libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c
https://notcve.org/view.php?id=CVE-2022-1354
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. Se ha encontrado un fallo de desbordamiento del búfer de la pila en el archivo tiffinfo.c de Libtiffs, en la función TIFFReadRawDataStriped(). Este defecto permite a un atacante pasar un archivo TIFF diseñado a la herramienta tiffinfo, desencadenando un problema de desbordamiento del búfer de la pila y causando un fallo que conlleva a una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1354 https://bugzilla.redhat.com/show_bug.cgi?id=2074404 https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 https://gitlab.com/libtiff/libtiff/-/issues/319 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20221014-0007 https://www.debian.org/security/2023/dsa-5333 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •