ALAS2022-2022-183

Amazon Linux 2022 Security Advisory: ALAS-2022-183
Advisory Release Date: 2022-11-01 21:24 Pacific
Advisory Updated Date: 2022-11-03 20:59 Pacific
Severity: Medium
Issue Overview:

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. (CVE-2022-1056)

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. (CVE-2022-1354)

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. (CVE-2022-1355)

An out-of-bounds read vulnerability was found in Libtiff's LZWDecode() function in libtiff/tif_lzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing. (CVE-2022-1622)

An out-of-bounds read vulnerability was found in Libtiff's LZWDecode() function in libtiff/tif_lzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing. (CVE-2022-1623)

A flaw was found in libtiff's tiffcrop tool that has a uint32_t underflow, which leads to an out-of-bounds read and write in the extractContigSamples8bits routine. This flaw allows an attacker who supplies a crafted file to tiffcrop to trick a user into opening the crafted file with tiffcrop, causing a crash or potential further exploitations. (CVE-2022-2869)


Affected Packages:

libtiff


Issue Correction:
Run dnf update libtiff --releasever=2022.0.20221102 to update your system.

New Packages:
aarch64:
    libtiff-debugsource-4.4.0-1.amzn2022.0.1.aarch64
    libtiff-static-4.4.0-1.amzn2022.0.1.aarch64
    libtiff-debuginfo-4.4.0-1.amzn2022.0.1.aarch64
    libtiff-tools-4.4.0-1.amzn2022.0.1.aarch64
    libtiff-4.4.0-1.amzn2022.0.1.aarch64
    libtiff-tools-debuginfo-4.4.0-1.amzn2022.0.1.aarch64
    libtiff-devel-4.4.0-1.amzn2022.0.1.aarch64

src:
    libtiff-4.4.0-1.amzn2022.0.1.src

x86_64:
    libtiff-static-4.4.0-1.amzn2022.0.1.x86_64
    libtiff-debugsource-4.4.0-1.amzn2022.0.1.x86_64
    libtiff-debuginfo-4.4.0-1.amzn2022.0.1.x86_64
    libtiff-tools-debuginfo-4.4.0-1.amzn2022.0.1.x86_64
    libtiff-4.4.0-1.amzn2022.0.1.x86_64
    libtiff-tools-4.4.0-1.amzn2022.0.1.x86_64
    libtiff-devel-4.4.0-1.amzn2022.0.1.x86_64

Additional References

Red Hat: CVE-2022-1056, CVE-2022-1354, CVE-2022-1355, CVE-2022-1622, CVE-2022-1623, CVE-2022-2869

Mitre: CVE-2022-1056, CVE-2022-1354, CVE-2022-1355, CVE-2022-1622, CVE-2022-1623, CVE-2022-2869