QID 355148
Date Published: 2023-05-29
QID 355148: Amazon Linux Security Advisory for libtiff : ALAS2023-2023-067
There is a double free or corruption in rotateimage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. (
( CVE-2022-2519) a flaw was found in libtiff 4.4.0rc1.
There is a sysmalloc assertion fail in rotateimage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. (
( CVE-2022-2520) it was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in tiffclose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (
( CVE-2022-2521) libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. (
( CVE-2022-2868) libtiff 4.4.0 has an out-of-bounds read in extractimagesection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file.
For users that compile libtiff from sources, the fix is available with commit 48d6ece8. (
( CVE-2022-2953)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2023-2023-067 -
alas.aws.amazon.com/AL2023/ALAS-2023-067.html
CVEs related to QID 355148
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2023-2023-067 | amazon linux 2023 |
alas.aws.amazon.com/AL2023/ALAS-2023-067.html |