libtiff-devel-32bit-4.3.0-1.6 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12057 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtiff-devel-32bit-4.3.0-1.6 on GA media These are all security issues fixed in the libtiff-devel-32bit-4.3.0-1.6 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12057 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12057 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0561/ SUSE CVE CVE-2022-0561 page https://www.suse.com/security/cve/CVE-2022-0562/ SUSE CVE CVE-2022-0562 page https://www.suse.com/security/cve/CVE-2022-0865/ SUSE CVE CVE-2022-0865 page https://www.suse.com/security/cve/CVE-2022-0891/ SUSE CVE CVE-2022-0891 page https://www.suse.com/security/cve/CVE-2022-0907/ SUSE CVE CVE-2022-0907 page https://www.suse.com/security/cve/CVE-2022-0908/ SUSE CVE CVE-2022-0908 page https://www.suse.com/security/cve/CVE-2022-0909/ SUSE CVE CVE-2022-0909 page https://www.suse.com/security/cve/CVE-2022-0924/ SUSE CVE CVE-2022-0924 page https://www.suse.com/security/cve/CVE-2022-1056/ SUSE CVE CVE-2022-1056 page openSUSE Tumbleweed libtiff-devel-4.3.0-2.1 libtiff-devel-32bit-4.3.0-1.6 libtiff5-4.3.0-2.1 libtiff5-32bit-4.3.0-1.6 tiff-4.3.0-2.1 libtiff-devel-4.3.0-2.1 as a component of openSUSE Tumbleweed libtiff-devel-32bit-4.3.0-1.6 as a component of openSUSE Tumbleweed libtiff5-4.3.0-2.1 as a component of openSUSE Tumbleweed libtiff5-32bit-4.3.0-1.6 as a component of openSUSE Tumbleweed tiff-4.3.0-2.1 as a component of openSUSE Tumbleweed Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. CVE-2022-0561 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0561.html CVE-2022-0561 https://bugzilla.suse.com/1195964 SUSE Bug 1195964 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. CVE-2022-0562 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0562.html CVE-2022-0562 https://bugzilla.suse.com/1195965 SUSE Bug 1195965 https://bugzilla.suse.com/1201723 SUSE Bug 1201723 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. CVE-2022-0865 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0865.html CVE-2022-0865 https://bugzilla.suse.com/1197066 SUSE Bug 1197066 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact CVE-2022-0891 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0891.html CVE-2022-0891 https://bugzilla.suse.com/1197068 SUSE Bug 1197068 Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. CVE-2022-0907 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0907.html CVE-2022-0907 https://bugzilla.suse.com/1197070 SUSE Bug 1197070 Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. CVE-2022-0908 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0908.html CVE-2022-0908 https://bugzilla.suse.com/1197074 SUSE Bug 1197074 Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. CVE-2022-0909 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0909.html CVE-2022-0909 https://bugzilla.suse.com/1197072 SUSE Bug 1197072 Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. CVE-2022-0924 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0924.html CVE-2022-0924 https://bugzilla.suse.com/1197073 SUSE Bug 1197073 Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. CVE-2022-1056 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff-devel-4.3.0-2.1 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.6 openSUSE Tumbleweed:libtiff5-4.3.0-2.1 openSUSE Tumbleweed:tiff-4.3.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1056.html CVE-2022-1056 https://bugzilla.suse.com/1197631 SUSE Bug 1197631