Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2022-1644

Related Vulnerabilities: CVE-2022-1355   CVE-2022-3970  

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. (CVE-2022-1355) A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)

Source

ALAS-2022-1644

Amazon Linux AMI Security Advisory: ALAS-2022-1644
Advisory Release Date: 2022-12-01 17:33 Pacific
Advisory Updated Date: 2022-12-10 00:45 Pacific
Severity: Important
Issue Overview:

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. (CVE-2022-1355)

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)


Affected Packages:

libtiff


Issue Correction:
Run yum update libtiff to update your system.

New Packages:
i686:
    libtiff-4.0.3-35.42.amzn1.i686
    libtiff-devel-4.0.3-35.42.amzn1.i686
    libtiff-debuginfo-4.0.3-35.42.amzn1.i686
    libtiff-static-4.0.3-35.42.amzn1.i686

src:
    libtiff-4.0.3-35.42.amzn1.src

x86_64:
    libtiff-4.0.3-35.42.amzn1.x86_64
    libtiff-static-4.0.3-35.42.amzn1.x86_64
    libtiff-debuginfo-4.0.3-35.42.amzn1.x86_64
    libtiff-devel-4.0.3-35.42.amzn1.x86_64

Additional References

Red Hat: CVE-2022-1355, CVE-2022-3970

Mitre: CVE-2022-1355, CVE-2022-3970

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started