SB2022060633 - Multiple vulnerabilities in LibTIFF

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-1622)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in LZWDecode() function in libtiff/tif_lzw.c:619. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read error and to perform a denial of service attack.

2) Out-of-bounds read (CVE-ID: CVE-2022-1623)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in LZWDecode() function in libtiff/tif_lzw.c:624. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read error and perform a denial of service attack.

3) Out-of-bounds read (CVE-ID: CVE-2022-22844)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the _TIFFmemcpy() function in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. A remote attacker can pass a specially crafted file and perform a denial of service attack.

4) NULL pointer dereference (CVE-ID: CVE-2022-0907)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in tiffcrop in libtiff. A remote attacker can trigger denial of service conditions via a crafted tiff file.

5) Division by zero (CVE-ID: CVE-2022-2057)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.

6) Division by zero (CVE-ID: CVE-2022-2056)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.

7) Division by zero (CVE-ID: CVE-2022-2058)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.

Remediation

Install update from vendor's website.

References

• https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
• https://gitlab.com/libtiff/libtiff/-/issues/410
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json
• https://gitlab.com/libtiff/libtiff/-/issues/355
• https://gitlab.com/libtiff/libtiff/-/merge_requests/287
• https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html
• https://security.netapp.com/advisory/ntap-20220311-0002/
• https://www.debian.org/security/2022/dsa-5108
• https://bugzilla.redhat.com/show_bug.cgi?id=2042603
• https://gitlab.com/libtiff/libtiff/-/merge_requests/314
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
• https://gitlab.com/libtiff/libtiff/-/issues/392
• https://gitlab.com/libtiff/libtiff/-/issues/427
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json
• https://gitlab.com/libtiff/libtiff/-/merge_requests/346
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/
• https://gitlab.com/libtiff/libtiff/-/issues/415
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json
• https://gitlab.com/libtiff/libtiff/-/issues/428