AVG-2659 log

Package lib32-libtiff
Status Fixed
Severity High
Type multiple issues
Affected 4.3.0-1
Fixed 4.3.0-2
Current 4.4.0-4 [multilib]
Ticket FS#74229
Created Mon Apr 4 23:33:13 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-22844 Medium Yes Denial of service
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
CVE-2022-0924 Medium Yes Denial of service
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
CVE-2022-0909 Medium Yes Denial of service
A division by zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
CVE-2022-0908 Medium Yes Denial of service
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to...
CVE-2022-0907 Medium Yes Denial of service
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
CVE-2022-0891 High Yes Arbitrary code execution
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds...
CVE-2022-0865 Medium Yes Denial of service
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
CVE-2022-0562 Medium Yes Denial of service
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead...
CVE-2022-0561 Medium Yes Denial of service
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could...