VMware Tanzu products update for LibTIFF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2020-19131 CVE-2020-19144 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844 |
| CWE-ID | CWE-119 CWE-476 CWE-369 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
VMware Tanzu Operations Manager Server applications / Virtualization software Tanzu Greenplum for Kubernetes Other software / Other software solutions |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU63910
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-19131
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error in the invertImage() function in the tiffcrop component. A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3- cpe:2.3:a:vmware:vmware_tanzu_operations_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:tanzu_greenplum_for_kubernetes:*:*:*:*:*:*:*:*
https://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU65438
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-19144
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files within the _TIFFmemcpy() funtion in "tif_unix.c". A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3 External linkshttps://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU63794
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tiffcrop in libtiff. A remote attacker can trigger denial of service conditions via a crafted tiff file.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3 External linkshttps://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU63374
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchNormalTag () in tif_dirread.c. A remote attacker can pass specially crafted TIFF file to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3 External linkshttps://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Division by zero
EUVDB-ID: #VU63376
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0909
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the tiffcrop component. A remote attacker can pass a specially crafted TIFF file to the application and crash it.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3 External linkshttps://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU63378
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0924
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial-of-service attack.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read error and perform a denial-of-service attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3 External linkshttps://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU63795
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-22844
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the _TIFFmemcpy() function in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. A remote attacker can pass a specially crafted file and perform a denial of service attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tanzu Operations Manager: before 2.7.25, 2.8.16, 2.9.12, 2.10.39, 2.7.25, 2.7.25, 2.7.25
Tanzu Greenplum for Kubernetes: before 2.0.0
CPE2.3 External linkshttps://tanzu.vmware.com/security/usn-5523-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
