libtiff-devel-32bit-4.4.0-5.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12510-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtiff-devel-32bit-4.4.0-5.1 on GA media These are all security issues fixed in the libtiff-devel-32bit-4.4.0-5.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12510 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-3597/ SUSE CVE CVE-2022-3597 page https://www.suse.com/security/cve/CVE-2022-3598/ SUSE CVE CVE-2022-3598 page https://www.suse.com/security/cve/CVE-2022-3599/ SUSE CVE CVE-2022-3599 page https://www.suse.com/security/cve/CVE-2022-3626/ SUSE CVE CVE-2022-3626 page https://www.suse.com/security/cve/CVE-2022-3627/ SUSE CVE CVE-2022-3627 page https://www.suse.com/security/cve/CVE-2022-3970/ SUSE CVE CVE-2022-3970 page openSUSE Tumbleweed libtiff-devel-4.4.0-5.1 libtiff-devel-32bit-4.4.0-5.1 libtiff5-4.4.0-5.1 libtiff5-32bit-4.4.0-5.1 tiff-4.4.0-5.1 libtiff-devel-4.4.0-5.1 as a component of openSUSE Tumbleweed libtiff-devel-32bit-4.4.0-5.1 as a component of openSUSE Tumbleweed libtiff5-4.4.0-5.1 as a component of openSUSE Tumbleweed libtiff5-32bit-4.4.0-5.1 as a component of openSUSE Tumbleweed tiff-4.4.0-5.1 as a component of openSUSE Tumbleweed LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVE-2022-3597 openSUSE Tumbleweed:libtiff-devel-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff-devel-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-4.4.0-5.1 openSUSE Tumbleweed:tiff-4.4.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3597.html CVE-2022-3597 https://bugzilla.suse.com/1204641 SUSE Bug 1204641 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. CVE-2022-3598 openSUSE Tumbleweed:libtiff-devel-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff-devel-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-4.4.0-5.1 openSUSE Tumbleweed:tiff-4.4.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3598.html CVE-2022-3598 https://bugzilla.suse.com/1204642 SUSE Bug 1204642 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. CVE-2022-3599 openSUSE Tumbleweed:libtiff-devel-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff-devel-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-4.4.0-5.1 openSUSE Tumbleweed:tiff-4.4.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3599.html CVE-2022-3599 https://bugzilla.suse.com/1204643 SUSE Bug 1204643 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVE-2022-3626 openSUSE Tumbleweed:libtiff-devel-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff-devel-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-4.4.0-5.1 openSUSE Tumbleweed:tiff-4.4.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3626.html CVE-2022-3626 https://bugzilla.suse.com/1204644 SUSE Bug 1204644 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVE-2022-3627 openSUSE Tumbleweed:libtiff-devel-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff-devel-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-4.4.0-5.1 openSUSE Tumbleweed:tiff-4.4.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3627.html CVE-2022-3627 https://bugzilla.suse.com/1204645 SUSE Bug 1204645 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. CVE-2022-3970 openSUSE Tumbleweed:libtiff-devel-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff-devel-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-32bit-4.4.0-5.1 openSUSE Tumbleweed:libtiff5-4.4.0-5.1 openSUSE Tumbleweed:tiff-4.4.0-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3970.html CVE-2022-3970 https://bugzilla.suse.com/1205392 SUSE Bug 1205392 https://bugzilla.suse.com/1208311 SUSE Bug 1208311 https://bugzilla.suse.com/1208312 SUSE Bug 1208312 https://bugzilla.suse.com/1208338 SUSE Bug 1208338 https://bugzilla.suse.com/1208655 SUSE Bug 1208655 https://bugzilla.suse.com/1209328 SUSE Bug 1209328