Bug 13268

Summary: [CVE 21] libtiff 4.1.0 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: a.proklov, s.matveev, v.potapov, y.tumanov
Version: AllFlags: v.potapov: qa_verified+
y.tumanov: secteam_verified+
a.proklov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2022-2868, CVE-2022-2869, CVE-2022-3570, CVE-2022-3970
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-05-03 18:00:18 MSK 
Please patch CVEs for package libtiff version 4.1.0
  
INFO (CVEs are): libtiff 4.1.0
 cves found
CVE-2022-2868
Desc: libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-2868
Severity: MEDIUM
CVE-2022-2869
Desc: libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-2869
Severity: MEDIUM
CVE-2022-3570
Desc: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-3570
Severity: MEDIUM
CVE-2022-3970
Desc: A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-3970
Severity: HIGH
CVE-2023-1916
Desc: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1916
Severity: MEDIUM
Comment 1 Aleksandr Proklov 2023-05-26 07:46:05 MSK 
CVE-2022-2868, CVE-2022-2869 уже закрыты патчем

CVE-2023-1916 неприменимо к коду libtiff 4.1.0


CVE-2022-3570 - fixed
CVE-2022-3970 - fixed

https://abf.io/build_lists/4445162
https://abf.io/build_lists/4445163
https://abf.io/build_lists/4445164
https://abf.io/build_lists/4445165
https://abf.io/build_lists/4445166
Comment 2 Vladimir Potapov 2023-05-26 15:17:39 MSK 
(In reply to Aleksandr from comment #1)
> https://abf.io/build_lists/4445162
> https://abf.io/build_lists/4445163
> https://abf.io/build_lists/4445164
> https://abf.io/build_lists/4445165
> https://abf.io/build_lists/4445166
*********************************************
The update sent to testings
Comment 3 Vladimir Potapov 2023-05-30 17:59:48 MSK 
libtiff-4.1.0-4
https://abf.io/build_lists/4445162
https://abf.io/build_lists/4445163
https://abf.io/build_lists/4445164
https://abf.io/build_lists/4445165
https://abf.io/build_lists/4445166
**************************** Advisory *************************
CVE-2022-3570 - fixed
CVE-2022-3970 - fixed
***************************************************************
QA Verified
Comment 4 Yury 2023-07-25 16:25:31 MSK 
Secteam Verified
Comment 5 Yury 2023-07-25 16:26:49 MSK 
Secteam Verified