|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2022-2520: tiff: assertion fail in rotateImage() function at tiffcrop.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Leroy <thomas.leroy> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | IN_PROGRESS --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | fstrba, jubalh |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/341168/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2022-2520:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | poc | ||
|
Description
Thomas Leroy
2022-08-31 08:39:33 UTC
QA reproducer: ./build_standard/bin/tiffcrop -Z 1:4,3:3 -R 90 -H 300 -S 2:2 -i CVE-2022-2520 /tmp/foo Affected: - SUSE:SLE-12:Update - SUSE:SLE-15:Update - openSUSE:Factory (In reply to Thomas Leroy from comment #1) > QA reproducer: > ./build_standard/bin/tiffcrop -Z 1:4,3:3 -R 90 -H 300 -S 2:2 -i CVE-2022-2520 > /tmp/foo > > Affected: Assignment should be: Fridrich > - SUSE:SLE-12:Update Michael > - SUSE:SLE-15:Update Please take a look at this > Please take a look at this Waiting due to: https://bugzilla.suse.com/show_bug.cgi?id=1201723#c10 Factory: SR#1012108 SLE12: SR#282475 SLE15: SR#282476 This is an autogenerated message for OBS integration: This bug (1202973) was mentioned in https://build.opensuse.org/request/show/1012108 Factory / tiff SRs accepted. SUSE-SU-2022:3679-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973 CVE References: CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): tiff-4.0.9-44.56.1 SUSE OpenStack Cloud 9 (src): tiff-4.0.9-44.56.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): tiff-4.0.9-44.56.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): tiff-4.0.9-44.56.1 SUSE Linux Enterprise Server 12-SP5 (src): tiff-4.0.9-44.56.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): tiff-4.0.9-44.56.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): tiff-4.0.9-44.56.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): tiff-4.0.9-44.56.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:3690-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973 CVE References: CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526 JIRA References: Sources used: openSUSE Leap Micro 5.2 (src): tiff-4.0.9-150000.45.16.1 openSUSE Leap 15.4 (src): tiff-4.0.9-150000.45.16.1 openSUSE Leap 15.3 (src): tiff-4.0.9-150000.45.16.1 SUSE Manager Server 4.1 (src): tiff-4.0.9-150000.45.16.1 SUSE Manager Retail Branch Server 4.1 (src): tiff-4.0.9-150000.45.16.1 SUSE Manager Proxy 4.1 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server for SAP 15 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Server 15-LTSS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Micro 5.3 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise Micro 5.2 (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): tiff-4.0.9-150000.45.16.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): tiff-4.0.9-150000.45.16.1 SUSE Enterprise Storage 7 (src): tiff-4.0.9-150000.45.16.1 SUSE Enterprise Storage 6 (src): tiff-4.0.9-150000.45.16.1 SUSE CaaS Platform 4.0 (src): tiff-4.0.9-150000.45.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. |