Amazon Linux AMI update for libtiff



Risk: High
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2022-3570, CVE-2022-3598, CVE-2022-48281, CVE-2023-30775, CVE-2023-40745, CVE-2023-41175
CWE-ID: CWE-122, CWE-787, CWE-190
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.

Vulnerable software:
Amazon Linux AMI (Operating systems & Components / Operating system)
libtiff (Operating systems & Components / Operating system package or component)

Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU68814

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2022-3570

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the tiffcrop.c utility in libtiff when processing TIFF files. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages:

aarch64:
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-static-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-devel-4.4.0-4.amzn2023.0.16.aarch64

src:
    libtiff-4.4.0-4.amzn2023.0.16.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-static-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-devel-4.4.0-4.amzn2023.0.16.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libtiff: before 4.4.0-4

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Out-of-bounds write

EUVDB-ID: #VU68815

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3598

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing TIFF images within the extractContigSamplesShifted24bits() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF image to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected packages:

aarch64:
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-static-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-devel-4.4.0-4.amzn2023.0.16.aarch64

src:
    libtiff-4.4.0-4.amzn2023.0.16.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-static-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-devel-4.4.0-4.amzn2023.0.16.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libtiff: before 4.4.0-4

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU71620

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-48281

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processCropSelections() function in tools/tiffcrop.c in LibTIFF. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages:

aarch64:
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-static-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-devel-4.4.0-4.amzn2023.0.16.aarch64

src:
    libtiff-4.4.0-4.amzn2023.0.16.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-static-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-devel-4.4.0-4.amzn2023.0.16.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libtiff: before 4.4.0-4

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU75891

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-30775

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the extractContigSamples32bits() function in tiffcrop.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages:

aarch64:
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-static-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-devel-4.4.0-4.amzn2023.0.16.aarch64

src:
    libtiff-4.4.0-4.amzn2023.0.16.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-static-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-devel-4.4.0-4.amzn2023.0.16.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libtiff: before 4.4.0-4

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU83511

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-40745

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow. A remote attacker can pass a specially crafted image to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages:

aarch64:
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-static-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-devel-4.4.0-4.amzn2023.0.16.aarch64

src:
    libtiff-4.4.0-4.amzn2023.0.16.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-static-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-devel-4.4.0-4.amzn2023.0.16.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libtiff: before 4.4.0-4

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU81692

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-41175

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in raw2tiff.c. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it with the affected software, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages:

aarch64:
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-static-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.aarch64
    libtiff-devel-4.4.0-4.amzn2023.0.16.aarch64

src:
    libtiff-4.4.0-4.amzn2023.0.16.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-static-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-tools-4.4.0-4.amzn2023.0.16.x86_64
    libtiff-devel-4.4.0-4.amzn2023.0.16.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libtiff: before 4.4.0-4

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


