QID 354588
QID 354588: Amazon Linux Security Advisory for libtiff : ALAS-2022-194
A divide-by-zero vulnerability was found in libtiff.
This flaw allows an attacker to cause a denial of service via a crafted tiff file. (
( CVE-2022-2056) a divide-by-zero vulnerability was found in libtiff.
( CVE-2022-2057) a divide-by-zero vulnerability was found in libtiff.
( CVE-2022-2058) a stack overflow flaw was found in the _tiffvgetfield function of tiffsplit.
This vulnerability allows attackers to cause a denial of service (dos) via a crafted tiff file. (
( CVE-2022-34526)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2022-194 for affected packages and patching details, or update with your package manager.
Vendor References
- ALAS-2022-194 -
alas.aws.amazon.com/AL2022/ALAS-2022-194.html
CVEs related to QID 354588
CVE-2022-2058 | CVE-2022-0908 | CVE-2022-22844 | CVE-2022-0561 | CVE-2022-0924 | CVE-2022-34526 | CVE-2022-1355 | CVE-2022-0909 | CVE-2022-2057 | CVE-2022-2869 | CVE-2022-2056 | CVE-2022-1622 | CVE-2022-0865 | CVE-2022-1354 | CVE-2022-1056 | CVE-2022-0907 | CVE-2022-0891 | CVE-2022-1623 | CVE-2022-0562 |
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS-2022-194 | amazon linux 2022 |
alas.aws.amazon.com/AL2022/ALAS-2022-194.html |