Bug 2142734 (CVE-2022-3570)

Summary: CVE-2022-3570 libtiff: heap Buffer overflows in tiffcrop.c
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adudiak, aprice, bdettelb, caswilli, crizzo, dkuc, doconnor, fjansen, hkataria, jburrell, jkoehler, jsamir, jwong, kaycoth, kholdawa, kshier, lcouzens, lphiri, micjohns, mmuzila, mskarbek, nforro, oezr, rh-spice-bugs, sthirugn, teagle, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 17:16:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2142735, 2143155, 2144700, 2144701, 2144702, 2144703    
Bug Blocks: 2137106    

Description Dhananjay Arunesh 2022-11-15 06:19:40 UTC 
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

References:
https://gitlab.com/libtiff/libtiff/-/issues/386
https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c
https://gitlab.com/libtiff/libtiff/-/issues/381
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json
Comment 1 Dhananjay Arunesh 2022-11-15 06:21:59 UTC 
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2142735]
Comment 6 Dhananjay Arunesh 2022-11-16 08:27:54 UTC 
Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2143155]
Comment 10 errata-xmlrpc 2023-05-09 07:31:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2340 https://access.redhat.com/errata/RHSA-2023:2340
Comment 11 Product Security DevOps Team 2023-05-09 17:16:12 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3570