Bug 2224974

Summary: libtiff: integer overflow in tiffcp.c
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bdettelb, carnil, caswilli, hkataria, jburrell, jkoehler, jsherril, kaycoth, kshier, mmuzila, nforro, rh-spice-bugs
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-28 08:55:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2226745, 2226746, 2226747, 2226748    
Bug Blocks: 2222912    

Description Dhananjay Arunesh 2023-07-24 07:12:26 UTC 
Multiple potential integer overflow in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow.
Comment 3 Salvatore Bonaccorso 2023-07-30 22:02:16 UTC 
This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/592 (but it looks that this RHBZ entry is swapped with actually CVE-2023-38288).
Comment 4 Dhananjay Arunesh 2023-08-02 09:28:19 UTC 
In reply to comment #3:
> This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/592
> (but it looks that this RHBZ entry is swapped with actually CVE-2023-38288).

Hi, These CVEs are assigned by us (Red Hat CNA), CVEs attached to the bugs are from the final vulnerabilities report sent by the reporter. I am discussing about this issue with the reporter to rectify from his end.
Comment 5 Salvatore Bonaccorso 2023-08-13 11:45:38 UTC 
Same question as in https://bugzilla.redhat.com/show_bug.cgi?id=2224971#c5
Comment 6 Dhananjay Arunesh 2023-08-28 08:55:23 UTC 

*** This bug has been marked as a duplicate of bug 2235265 ***
Comment 7 Dhananjay Arunesh 2023-08-28 08:59:57 UTC 
Rejected the old CVE and re-assigned the vulnerabiliy with new flaw and CVE. Please track the below link[0] for more information.
https://bugzilla.redhat.com/show_bug.cgi?id=2235265

Regardng the comment for the old CVE (as Not a security issue) on Mitre, we are working to correct the statement.