
libtiff: Multiple Security Vulnerabilities on current 4.4.0

Open CamberLoid opened this issue 1 year ago • 0 comments

CVE IDs

CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-48281, CVE-2023-30775, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-30774, CVE-2023-30775

Other security advisory IDs

Debian:

  • https://security-tracker.debian.org/tracker/DLA-3278-1
  • https://security-tracker.debian.org/tracker/DSA-5333-1

Description

  • CVE-2022-2056, CVE-2022-2057, CVE-2022-2058: Divide-by-zero on maliciously crafted TIFF files.
  • CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799:
    • Desc: Out-of-bounds reads when processing certain malformed files when using tiffcrop
    • Impact: Crash/DoS
  • CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804:
    • Desc: OOB write when processing certain malformed files when using tiffcrop
    • Impact: Crash/DoS; Potential arbitrary code execution
    • CWE: Out-of-bounds Write
  • CVE-2023-30774, CVE-2023-30775: Heap buffer overflow on tiffcrop. Low S.
  • CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-48281, CVE-2023-30775:
    • Desc: Multiple HBO/OOB Write on tiffcrop.
    • Impact: Crash/DoS
  • CVE-2022-3970: 0-day vulnerability
    • Desc: Integer overflow in TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. Known to be publicly exploited.
    • Impact: Crash/DoS
  • CVE-2022-34526

Affected packages:

  • libtiff: 4.4.0 + patchset
  • libtiff+32

Severity

High, potential 0-day (CVE-2022-3970)

Patches

Update to 4.5.1

PoC(s)

See original bug reports.

CamberLoid, Jul 10 '23 18:07