ALAS2-2022-1814

A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy() function within the TIFFReadDirectory() in tif_dirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service. (CVE-2022-0562)

A flaw was found in libtiff-4.0.3-35.amzn2.0.1 as packaged on Amazon Linux 2. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault. Actors can use this issue to potentially cause a Denial of Service condition. (CVE-2022-34266)

aarch64:
    libtiff-4.0.3-35.amzn2.0.2.aarch64
    libtiff-devel-4.0.3-35.amzn2.0.2.aarch64
    libtiff-static-4.0.3-35.amzn2.0.2.aarch64
    libtiff-tools-4.0.3-35.amzn2.0.2.aarch64
    libtiff-debuginfo-4.0.3-35.amzn2.0.2.aarch64

i686:
    libtiff-4.0.3-35.amzn2.0.2.i686
    libtiff-devel-4.0.3-35.amzn2.0.2.i686
    libtiff-static-4.0.3-35.amzn2.0.2.i686
    libtiff-tools-4.0.3-35.amzn2.0.2.i686
    libtiff-debuginfo-4.0.3-35.amzn2.0.2.i686

src:
    libtiff-4.0.3-35.amzn2.0.2.src

x86_64:
    libtiff-4.0.3-35.amzn2.0.2.x86_64
    libtiff-devel-4.0.3-35.amzn2.0.2.x86_64
    libtiff-static-4.0.3-35.amzn2.0.2.x86_64
    libtiff-tools-4.0.3-35.amzn2.0.2.x86_64
    libtiff-debuginfo-4.0.3-35.amzn2.0.2.x86_64