Bugzilla – Bug 1201175
VUL-0: CVE-2022-2057: tiff: DoS from Divide By Zero Error
Last modified: 2023-04-10 16:44:52 UTC
rh#2103222

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json
https://gitlab.com/libtiff/libtiff/-/merge_requests/346
https://gitlab.com/libtiff/libtiff/-/issues/428

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2103222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
https://gitlab.com/libtiff/libtiff/-/merge_requests/346
https://gitlab.com/libtiff/libtiff/-/issues/427
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json
Not Affected (tiffcrop does not exist):
- SUSE:SLE-11:Update/tiff 3.8.2

Affected:
- SUSE:SLE-12:Update/tiff 4.0.9
- SUSE:SLE-15:Update/tiff 4.0.9
- openSUSE:Factory/tiff 4.4.0
https://gitlab.com/libtiff/libtiff/-/commit/f3a5e0107ffb97b2f002ce0f8df173a515b611b6 and https://gitlab.com/libtiff/libtiff/-/merge_requests/353

Factory: SR#987003
SLE12: SR#275227
SLE15: SR#275228
This is an autogenerated message for OBS integration:
This bug (1201175) was mentioned in
https://build.opensuse.org/request/show/987003 Factory / tiff
SUSE-SU-2022:2647-1: An update that fixes three vulnerabilities is now available.

Category: security (low)
Bug References: 1201174,1201175,1201176
CVE References: CVE-2022-2056,CVE-2022-2057,CVE-2022-2058
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): tiff-4.0.9-150000.45.11.1
openSUSE Leap 15.3 (src): tiff-4.0.9-150000.45.11.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): tiff-4.0.9-150000.45.11.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): tiff-4.0.9-150000.45.11.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): tiff-4.0.9-150000.45.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): tiff-4.0.9-150000.45.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): tiff-4.0.9-150000.45.11.1
SUSE Linux Enterprise Micro 5.2 (src): tiff-4.0.9-150000.45.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2648-1: An update that fixes three vulnerabilities is now available.

Category: security (low)
Bug References: 1201174,1201175,1201176
CVE References: CVE-2022-2056,CVE-2022-2057,CVE-2022-2058
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): tiff-4.0.9-44.51.1
SUSE Linux Enterprise Server 12-SP5 (src): tiff-4.0.9-44.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2647-2: An update that fixes three vulnerabilities is now available.

Category: security (low)
Bug References: 1201174,1201175,1201176
CVE References: CVE-2022-2056,CVE-2022-2057,CVE-2022-2058
JIRA References:
Sources used:
openSUSE Leap Micro 5.2 (src): tiff-4.0.9-150000.45.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.