QID 354416
Date Published: 2022-12-21
QID 354416: Amazon Linux Security Advisory for libtiff : ALAS2022-2022-094
A heap buffer overflow flaw was found in libtiffs' tiffinfo.c in tiffreadrawdatastriped() function.
This flaw allows an attacker to pass a crafted tiff file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. (
( CVE-2022-1354) a stack buffer overflow flaw was found in libtiffs' tiffcp.c in main() function.
This flaw allows an attacker to pass a crafted tiff file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. (
( CVE-2022-1355) an out-of-bounds read vulnerability was found in libtiff's lzwdecode() function in libtiff/tif_lzw.c.
This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing. (
( CVE-2022-1622) an out-of-bounds read vulnerability was found in libtiff's lzwdecode() function in libtiff/tif_lzw.c.
( CVE-2022-1623)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2022-2022-094 -
alas.aws.amazon.com/AL2022/ALAS-2022-094.html
CVEs related to QID 354416
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2022-2022-094 | amazon linux 2022 |
alas.aws.amazon.com/AL2022/ALAS-2022-094.html |