{"id":"ALSA-2023:2340","summary":"Moderate: libtiff security update","details":"The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: heap Buffer overflows in tiffcrop.c (CVE-2022-3570)\n* libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix (CVE-2022-3597)\n* libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (CVE-2022-3598)\n* libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c (CVE-2022-3599)\n* libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (CVE-2022-3626)\n* libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (CVE-2022-3627)\n* libtiff: integer overflow in function TIFFReadRGBATileExt of the file (CVE-2022-3970)\n* libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)\n* libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2023-30774)\n* libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T02:51:34.888537Z","published":"2023-05-09T00:00:00Z","related":["CVE-2022-3570","CVE-2022-3597","CVE-2022-3598","CVE-2022-3599","CVE-2022-3626","CVE-2022-3627","CVE-2022-3970","CVE-2022-4645","CVE-2023-30774","CVE-2023-30775"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3570"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3597"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3598"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3599"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3626"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3627"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3970"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-4645"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-30774"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-30775"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2142734"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2142736"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2142738"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2142740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2142741"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2142742"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2148918"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2176220"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2187139"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2187141"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2023-2340.html"}],"affected":[{"package":{"name":"libtiff","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libtiff"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-7.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2340.json"}},{"package":{"name":"libtiff-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libtiff-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-7.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2340.json"}},{"package":{"name":"libtiff-tools","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libtiff-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-7.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2340.json"}}],"schema_version":"1.7.3"}