2163606 – (CVE-2022-48281) CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c

Bug 2163606 (CVE-2022-48281) - CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c

Summary: CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections()...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-48281
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2163632 2163633 2163634 2163635 2163636 2163637 2163638 2163639 2163640 2163641 2163642 2163643 2193348 2209281 2223013
Blocks:	2163506
TreeView+	depends on / blocked

Reported:	2023-01-24 04:23 UTC by Sandipan Roy
Modified:	2024-03-18 18:55 UTC (History)
CC List:	24 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, "WRITE of size 307203") via a crafted TIFF image.
Clone Of:
Environment:
Last Closed:	2023-06-27 19:30:02 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:3711	0	None	None	None	2023-06-21 14:38:26 UTC
Red Hat Product Errata	RHSA-2023:3827	0	None	None	None	2023-06-27 14:57:55 UTC

Description Sandipan Roy 2023-01-24 04:23:36 UTC

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

https://gitlab.com/libtiff/libtiff/-/issues/488
https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

Comment 1 Sandipan Roy 2023-01-24 05:39:34 UTC

Created iv tracking bugs for this issue:

Affects: fedora-36 [bug 2163633]
Affects: fedora-37 [bug 2163637]


Created libtiff tracking bugs for this issue:

Affects: fedora-36 [bug 2163634]
Affects: fedora-37 [bug 2163638]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-36 [bug 2163635]
Affects: fedora-37 [bug 2163639]


Created tkimg tracking bugs for this issue:

Affects: fedora-36 [bug 2163636]
Affects: fedora-37 [bug 2163640]

Comment 6 errata-xmlrpc 2023-06-21 14:38:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3711 https://access.redhat.com/errata/RHSA-2023:3711

Comment 7 errata-xmlrpc 2023-06-27 14:57:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3827 https://access.redhat.com/errata/RHSA-2023:3827

Comment 8 Product Security DevOps Team 2023-06-27 19:29:59 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-48281

Comment 9 Zack Miele 2023-07-14 20:41:09 UTC

Creating rhel-7 tracker for customer requesting an out of scope escalation. INC2674682

Note You need to log in before you can comment on or make changes to this bug.

bdettelb
caswilli
dffrench
dkuc
fjansen
gzaronik
hkataria
ikanias
jary
jburrell
jkoehler
jwon
kaycoth
kshier
kyoshida
micjohns
mmuzila
nforro
ngough
rgodfrey
rh-spice-bugs
rravi
sthirugn
tohughes