
Bug#1014494: tiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058


Moritz Mühlenhoff

Jul 6, 2022, 5:10:03 PM
Source: tiff
X-Debbugs-CC: te...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for tiff.

CVE-2022-2056[0]:
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to
| cause a denial-of-service via a crafted tiff file. For users that
| compile libtiff from sources, the fix is available with commit
| f3a5e010.

https://gitlab.com/libtiff/libtiff/-/issues/415
https://gitlab.com/libtiff/libtiff/-/merge_requests/346
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab

CVE-2022-2057[1]:
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to
| cause a denial-of-service via a crafted tiff file. For users that
| compile libtiff from sources, the fix is available with commit
| f3a5e010.

https://gitlab.com/libtiff/libtiff/-/issues/427
https://gitlab.com/libtiff/libtiff/-/merge_requests/346
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab

CVE-2022-2058[2]:
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to
| cause a denial-of-service via a crafted tiff file. For users that
| compile libtiff from sources, the fix is available with commit
| f3a5e010.

https://gitlab.com/libtiff/libtiff/-/issues/428
https://gitlab.com/libtiff/libtiff/-/merge_requests/346
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
[1] https://security-tracker.debian.org/tracker/CVE-2022-2057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
[2] https://security-tracker.debian.org/tracker/CVE-2022-2058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

Please adjust the affected versions in the BTS as needed.
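The three CVEs above share one bug class: an integer taken from an untrusted TIFF file ends up as a divisor without a zero check, so a crafted file crashes tiffcrop with SIGFPE. The following C program is an added illustration of that class and of the defensive pattern; it is not libtiff or tiffcrop code, does not reproduce the actual faulting expression, and the struct, field names and the 8-byte record layout are constructed for the demo. It decodes two fields from a byte buffer (standing in for tag values read from a TIFF IFD), shows the unchecked computation beside one that validates the divisor and guards the rounding-up addition against overflow, and exercises both with a benign and a crafted record.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Illustrative only: not libtiff/tiffcrop source. Models the bug class in
 * the report: a value read from a crafted file is used as a divisor. */

/* Hypothetical stand-in for the per-image values a crop routine derives
 * from file tags. Both fields come from the file and are untrusted. */
typedef struct {
    uint32_t image_width;
    uint32_t tile_width;   /* a crafted file can set this to 0 */
} crop_params_t;

/* Unchecked: ceil(image_width / tile_width). A tile_width of 0 traps
 * (SIGFPE on x86), which is exactly the denial-of-service described above.
 * Shown for contrast; never call it on unvalidated input. */
uint32_t tiles_across_unsafe(const crop_params_t *p)
{
    return (p->image_width + p->tile_width - 1) / p->tile_width;
}

/* Hardened form: reject a zero divisor (and a zero width, which is also
 * meaningless here) and make sure the rounding-up addition cannot wrap.
 * Returns 0 on success and stores the result in *out, -1 on rejection. */
int tiles_across_checked(const crop_params_t *p, uint32_t *out)
{
    if (p->tile_width == 0 || p->image_width == 0)
        return -1;
    if (p->image_width > UINT32_MAX - (p->tile_width - 1))
        return -1;                       /* would overflow before dividing */
    *out = (p->image_width + p->tile_width - 1) / p->tile_width;
    return 0;
}

/* Decode a 32-bit little-endian value byte by byte (no host-endianness
 * assumption, no unaligned access). */
static uint32_t le32(const uint8_t *b)
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Parse the constructed 8-byte record: image_width, then tile_width.
 * Bounds-checks the buffer length first. Returns 0 on success, -1 if short. */
int parse_params(const uint8_t *buf, size_t len, crop_params_t *out)
{
    if (buf == NULL || out == NULL || len < 8)
        return -1;
    out->image_width = le32(buf);
    out->tile_width  = le32(buf + 4);
    return 0;
}

/* Constructed sample records (not taken from any real TIFF file). */
const uint8_t benign_record[8]  = { 0x80, 0x02, 0, 0,   0x40, 0, 0, 0 }; /* 640, 64 */
const uint8_t crafted_record[8] = { 0x80, 0x02, 0, 0,   0x00, 0, 0, 0 }; /* 640, 0  */

int main(void)
{
    crop_params_t p;
    uint32_t n;

    if (parse_params(benign_record, sizeof benign_record, &p) == 0 &&
        tiles_across_checked(&p, &n) == 0)
        printf("benign record: %u tiles across\n", n);   /* 10 */

    if (parse_params(crafted_record, sizeof crafted_record, &p) == 0) {
        if (tiles_across_checked(&p, &n) != 0)
            printf("crafted record: rejected (tile_width == 0)\n");
        /* tiles_across_unsafe(&p) here would crash the process. */
    }
    return 0;
}
```

The point of the checked variant is that the validation happens where the file-derived value is first turned into a divisor, not at some earlier layer that may be bypassed by a different code path; a fuzzer driving parse_params with random records is a cheap way to confirm the hardened path never traps.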