Bug 2233599 (CVE-2022-1056) - CVE-2022-1056 libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c
Summary: CVE-2022-1056 libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c
Keywords:
Status: NEW
Alias: CVE-2022-1056
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2233610 2233611 2233607 2233608 2233609 2234393
Blocks: 2233605
Reported: 2023-08-22 17:11 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-19 02:20 UTC (History)

Fixed In Version: libtiff 4.4.0
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Guilherme de Almeida Suckevicz 2023-08-22 17:11:08 UTC
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

References:
https://gitlab.com/libtiff/libtiff/-/merge_requests/307
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json
https://gitlab.com/libtiff/libtiff/-/issues/391
https://security.gentoo.org/glsa/202210-10
https://security.netapp.com/advisory/ntap-20221228-0008/

Comment 2 Guilherme de Almeida Suckevicz 2023-08-22 17:29:15 UTC
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2233610]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2233611]

Comment 3 Marian Rehak 2023-08-24 09:52:21 UTC
Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2234393]

