| Revision Date: | 2022-05-30 | Version: | 1 |
| Title: | Security update for tiff (Important) |
| Description: |
This update for tiff fixes the following issues:
- CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1189320
1195964
1195965
1197066
1197068
1197072
1197073
1197074
1197631
CVE-2021-2372
CVE-2021-2389
CVE-2022-0561
CVE-2022-0562
CVE-2022-0865
CVE-2022-0891
CVE-2022-0908
CVE-2022-0909
CVE-2022-0924
CVE-2022-1056
SUSE-SU-2022:1882-1
|
| Platform(s): | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Package Hub 15 SP4
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 is installed AND tiff-4.0.9-150000.45.8.1 is installed
|