{"id":"MGASA-2022-0119","summary":"Updated libtiff packages fix security vulnerability","details":"Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a\ndenial-of-service via a crafted tiff file. (CVE-2022-0865)\n\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in\nlibtiff library Version 4.3.0 allows attacker to trigger unsafe or out of\nbounds memory access via crafted TIFF image file which could result into\napplication crash, potential information disclosure or any other\ncontext-dependent impact. (CVE-2022-0891)\n\nNull source pointer passed as an argument to memcpy() function within\nTIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0\ncould lead to Denial of Service via crafted TIFF file. (CVE-2022-0908)\n\nDivide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to\ncause a denial-of-service via a crafted tiff file. (CVE-2022-0909)\n\nOut-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to\ncause a denial-of-service via a crafted tiff file. (CVE-2022-0924)\n","modified":"2026-04-16T04:42:58.640595467Z","published":"2022-03-28T16:23:37Z","upstream":["CVE-2022-0865","CVE-2022-0891","CVE-2022-0908","CVE-2022-0909","CVE-2022-0924"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0119.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30210"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5108"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0-1.3.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0119.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}