Bug 1202026 (CVE-2022-34526) - VUL-0: CVE-2022-34526: tiff: stack overflow in the _TIFFVGetField function of Tiffsplit
Summary: VUL-0: CVE-2022-34526: tiff: stack overflow in the _TIFFVGetField function of...
Status: RESOLVED FIXED
Alias: CVE-2022-34526
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/338522/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-34526:7.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-01 11:04 UTC by Robert Frohl
Modified: 2023-04-10 16:45 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2022-08-01 11:04:52 UTC
rh#2112756

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2112756
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
http://www.cvedetails.com/cve/CVE-2022-34526/
https://gitlab.com/libtiff/libtiff/-/issues/433
Comment 1 Robert Frohl 2022-08-01 11:16:49 UTC
does not reproduce, but on a code level seems affected. Therefor tracking these codestreams as affected:

- SUSE:SLE-11:Update/tiff
- SUSE:SLE-12:Update/tiff
- SUSE:SLE-15:Update/tiff
Comment 2 Michael Vetter 2022-08-01 12:20:21 UTC
SR#992028 to openSUSE:Factory

Fix for SLE11/SLE12/SLE15 is available at: https://build.suse.de/project/show/home:mvetter:tiff-CVE-2022-34526

I would like to wait for https://bugzilla.suse.com/show_bug.cgi?id=1201723#c5 so we can submit this together (in case it really is another bug) but can already submit if you wish so.
Comment 3 Robert Frohl 2022-08-01 12:29:51 UTC
(In reply to Michael Vetter from comment #2)
> SR#992028 to openSUSE:Factory
> 
> Fix for SLE11/SLE12/SLE15 is available at:
> https://build.suse.de/project/show/home:mvetter:tiff-CVE-2022-34526
> 
> I would like to wait for
> https://bugzilla.suse.com/show_bug.cgi?id=1201723#c5 so we can submit this
> together (in case it really is another bug) but can already submit if you
> wish so.

Sounds okay to wait a while to me, but if it takes to long better to submit at one point.
Comment 4 OBSbugzilla Bot 2022-08-01 14:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1202026) was mentioned in
https://build.opensuse.org/request/show/992028 Factory / tiff
Comment 5 Michael Vetter 2022-08-03 15:28:14 UTC
Fix is at https://build.suse.de/project/show/home:mvetter:tiff-CVE-2022-34526
Containing the fix for CVE-2022-34526 and the changelog entry/renaming of patch for the already fixed CVE-2022-34266/CVE-2022-0561

SLE11 SR#276971
SLE12 SR#276972
SLE15 SR#276973
Comment 9 Swamp Workflow Management 2022-10-20 16:20:22 UTC
SUSE-SU-2022:3679-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973
CVE References: CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    tiff-4.0.9-44.56.1
SUSE OpenStack Cloud 9 (src):    tiff-4.0.9-44.56.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    tiff-4.0.9-44.56.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    tiff-4.0.9-44.56.1
SUSE Linux Enterprise Server 12-SP5 (src):    tiff-4.0.9-44.56.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    tiff-4.0.9-44.56.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    tiff-4.0.9-44.56.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    tiff-4.0.9-44.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-10-21 16:23:12 UTC
SUSE-SU-2022:3690-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973
CVE References: CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    tiff-4.0.9-150000.45.16.1
openSUSE Leap 15.4 (src):    tiff-4.0.9-150000.45.16.1
openSUSE Leap 15.3 (src):    tiff-4.0.9-150000.45.16.1
SUSE Manager Server 4.1 (src):    tiff-4.0.9-150000.45.16.1
SUSE Manager Retail Branch Server 4.1 (src):    tiff-4.0.9-150000.45.16.1
SUSE Manager Proxy 4.1 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server for SAP 15 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Server 15-LTSS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Micro 5.3 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise Micro 5.2 (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    tiff-4.0.9-150000.45.16.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    tiff-4.0.9-150000.45.16.1
SUSE Enterprise Storage 7 (src):    tiff-4.0.9-150000.45.16.1
SUSE Enterprise Storage 6 (src):    tiff-4.0.9-150000.45.16.1
SUSE CaaS Platform 4.0 (src):    tiff-4.0.9-150000.45.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.