ALSA-2023:0302

Source

https://errata.almalinux.org/9/ALSA-2023-0302.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:0302.json

Related

• CVE-2022-2056
• CVE-2022-2057
• CVE-2022-2058
• CVE-2022-2519
• CVE-2022-2520
• CVE-2022-2521
• CVE-2022-2953

Published

2023-01-23T00:00:00Z

Modified

2023-03-13T16:36:47Z

Details

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

• LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
• libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
• libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
• libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
• libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

• https://access.redhat.com/errata/RHSA-2023:0302
• https://access.redhat.com/security/cve/CVE-2022-2056
• https://access.redhat.com/security/cve/CVE-2022-2057
• https://access.redhat.com/security/cve/CVE-2022-2058
• https://access.redhat.com/security/cve/CVE-2022-2519
• https://access.redhat.com/security/cve/CVE-2022-2520
• https://access.redhat.com/security/cve/CVE-2022-2521
• https://access.redhat.com/security/cve/CVE-2022-2953
• https://bugzilla.redhat.com/2103222
• https://bugzilla.redhat.com/2122789
• https://bugzilla.redhat.com/2122792
• https://bugzilla.redhat.com/2122799
• https://bugzilla.redhat.com/2134432
• https://errata.almalinux.org/9/ALSA-2023-0302.html