2134432 – (CVE-2022-2953) CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

Bug 2134432 (CVE-2022-2953) - CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

Summary: CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-2953
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2134437 2134438 2134439 2134692 2134693 2134694 2134695 2136482 2140593
Blocks:	2134435
TreeView+	depends on / blocked

Reported:	2022-10-13 12:19 UTC by TEJ RATHI
Modified:	2024-03-18 13:37 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bound read flaw was found in LibTIFF, in extractImageSection in the tools/tiffcrop.c:6905, allowing attackers to cause a denial of service via a crafted tiff file.
Clone Of:
Environment:
Last Closed:	2023-05-16 15:16:56 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:0095	0	None	None	None	2023-01-12 09:17:29 UTC
Red Hat Product Errata	RHSA-2023:0302	0	None	None	None	2023-01-23 15:17:25 UTC

Description TEJ RATHI 2022-10-13 12:19:39 UTC

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json
https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3
https://gitlab.com/libtiff/libtiff/-/issues/414

Comment 1 TEJ RATHI 2022-10-13 12:26:04 UTC

Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2134438]


Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2134437]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2134439]

Comment 4 errata-xmlrpc 2023-01-12 09:17:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0095 https://access.redhat.com/errata/RHSA-2023:0095

Comment 5 errata-xmlrpc 2023-01-23 15:17:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0302 https://access.redhat.com/errata/RHSA-2023:0302

Comment 8 Product Security DevOps Team 2023-05-16 15:16:52 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2953

Note You need to log in before you can comment on or make changes to this bug.

adudiak
bdettelb
caswilli
dffrench
dkuc
fjansen
gzaronik
ikanias
jary
jburrell
jkoehler
jwong
kaycoth
kshier
micjohns
mmuzila
nforro
ngough
rgodfrey
rh-spice-bugs
rravi
sthirugn
tohughes