This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate.
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # low, medium, high, urgent (required) severity=medium # testing, stable request=testing # Bug numbers: 1234,9876 bugs=2042603,2042604 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new
Reproducible with valgrind: $ valgrind tiffset -s 93 helloworld tiffset_poc ==5713== Memcheck, a memory error detector ==5713== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==5713== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info ==5713== Command: tiffset -s 93 helloworld tiffset_poc ==5713== TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order. TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered. TIFFReadDirectory: Warning, Unknown field with tag 0 (0x0) encountered. TIFFReadDirectory: Warning, Unknown field with tag 65280 (0xff00) encountered. TIFFReadDirectory: Warning, Unknown field with tag 250 (0xfa) encountered. TIFFReadDirectory: Warning, Unknown field with tag 9 (0x9) encountered. TIFFReadDirectory: Warning, Unknown field with tag 15 (0xf) encountered. TIFFReadDirectory: Warning, Unknown field with tag 65535 (0xffff) encountered. TIFFReadDirectory: Warning, Unknown field with tag 23901 (0x5d5d) encountered. TIFFReadDirectory: Warning, Unknown field with tag 93 (0x5d) encountered. TIFFReadDirectory: Warning, Unknown field with tag 58624 (0xe500) encountered. TIFFReadDirectory: Warning, Ignoring TransferFunction since BitsPerSample tag not found. TIFFReadDirectory: Warning, Invalid data type for tag StripByteCounts. TIFFReadDirectory: Warning, Invalid data type for tag TileOffsets. TIFFFetchStripThing: Warning, Incorrect count for "TileOffsets"; tag ignored. TIFFReadDirectory: Warning, Wrong "StripByteCounts" field, ignoring and calculating from imagelength. ==5713== Warning: set address range perms: large range [0x59c87040, 0x158c874f5) (undefined) ==5713== Invalid read of size 1 ==5713== at 0x484B354: memmove (vg_replace_strmem.c:1382) ==5713== by 0x487406A: _TIFFVSetField (tif_dir.c:592) ==5713== by 0x4870417: TIFFSetField (tif_dir.c:834) ==5713== by 0x109A03: main (tiffset.c:149) ==5713== Address 0x59c8703f is 1 bytes before a block of size 4,278,191,285 alloc'd ==5713== at 0x484186F: malloc (vg_replace_malloc.c:381) ==5713== by 0x4871D7F: UnknownInlinedFun (tif_dir.c:52) ==5713== by 0x4871D7F: setByteArray (tif_dir.c:43) ==5713== by 0x487406A: _TIFFVSetField (tif_dir.c:592) ==5713== by 0x4870417: TIFFSetField (tif_dir.c:834) ==5713== by 0x109A03: main (tiffset.c:149) ==5713== ==5713== ==5713== More than 10000000 total errors detected. I'm not reporting any more. ==5713== Final error counts will be inaccurate. Go fix your program! ==5713== Rerun with --error-limit=no to disable this cutoff. Note ==5713== that errors may occur in your program without prior warning from ==5713== Valgrind, because errors are no longer being displayed. ==5713== ==5713== ==5713== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==5713== Access not within mapped region at address 0x57FFFFFF ==5713== at 0x484B354: memmove (vg_replace_strmem.c:1382) ==5713== by 0x487406A: _TIFFVSetField (tif_dir.c:592) ==5713== by 0x4870417: TIFFSetField (tif_dir.c:834) ==5713== by 0x109A03: main (tiffset.c:149) ==5713== If you believe this happened as a result of a stack ==5713== overflow in your program's main thread (unlikely but ==5713== possible), you can try to increase the size of the ==5713== main thread stack using the --main-stacksize= flag. ==5713== The main thread stack size used in this run was 8388608. ==5713== ==5713== HEAP SUMMARY: ==5713== in use at exit: 4,278,195,078 bytes in 29 blocks ==5713== total heap usage: 60 allocs, 31 frees, 4,278,223,866 bytes allocated ==5713== ==5713== LEAK SUMMARY: ==5713== definitely lost: 0 bytes in 0 blocks ==5713== indirectly lost: 0 bytes in 0 blocks ==5713== possibly lost: 0 bytes in 0 blocks ==5713== still reachable: 4,278,195,078 bytes in 29 blocks ==5713== suppressed: 0 bytes in 0 blocks ==5713== Rerun with --leak-check=full to see details of leaked memory ==5713== ==5713== For lists of detected and suppressed errors, rerun with: -s ==5713== ERROR SUMMARY: 10000000 errors from 1 contexts (suppressed: 0 from 0) Segmentation fault (core dumped)
FEDORA-2022-a403286212 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-a403286212
FEDORA-2022-a403286212 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-a403286212` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-a403286212 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-a403286212 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.