QID 353264

Date Published: 2022-04-28

QID 353264: Amazon Linux Security Advisory for libtiff : ALAS2-2022-1780

Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. (CVE-2016-9532)

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. (CVE-2020-35521)

In libtiff, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. (CVE-2020-35522)

An integer overflow flaw was found in libtiff in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's tiff2pdf tool. A specially crafted TIFF file can lead to arbitrary code execution. (CVE-2020-35524)

A flaw was found in libtiff where a NULL source pointer is passed as an argument to the memcpy() function within TIFFFetchStripThing() in tif_dirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash, leading to a denial of service. (CVE-2022-0561)

Successful exploitation of these vulnerabilities could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as High - 6.8 severity.
  • Solution
    Please refer to Amazon advisory ALAS2-2022-1780 for affected packages and patching details, or update with your package manager.

    Vendor References
    Software Advisories

    Advisory ID      Software Component   Link
    ALAS2-2022-1780  Amazon Linux 2       alas.aws.amazon.com/AL2/ALAS-2022-1780.html