File _patchinfo of Package patchinfo.22626

<patchinfo incident="22626">
  <issue tracker="bnc" id="1071031">VUL-0: CVE-2017-17095: tiff: tools/pal2rgb.c in pal2rgb allows remote attackers to cause DoS (TIFFSetupStrips heap-based buffer overflow and application crash)</issue>
  <issue tracker="bnc" id="1154365">VUL-1: CVE-2019-17546: tiff: integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image</issue>
  <issue tracker="bnc" id="1182808">VUL-1: CVE-2020-35521: tiff: Memory allocation failure in tif_read.c</issue>
  <issue tracker="bnc" id="1182809">VUL-1: CVE-2020-35522: tiff: Memory allocation failure in tif_pixarlog.c</issue>
  <issue tracker="bnc" id="1182811">VUL-0: CVE-2020-35523: tiff: Integer overflow in tif_getimage.c</issue>
  <issue tracker="bnc" id="1182812">VUL-0: CVE-2020-35524: tiff: Heap-based buffer overflow in TIFF2PDF tool</issue>
  <issue tracker="bnc" id="1190312">VUL-0: CVE-2020-19131: tiff: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".</issue>
  <issue tracker="bnc" id="1194539">VUL-1: CVE-2022-22844: tiff: out-of-bounds read in _TIFFmemcpy in tif_unix.c</issue>
  <issue tracker="cve" id="2017-17095"/>
  <issue tracker="cve" id="2019-17546"/>
  <issue tracker="cve" id="2020-19131"/>
  <issue tracker="cve" id="2020-35521"/>
  <issue tracker="cve" id="2020-35522"/>
  <issue tracker="cve" id="2020-35523"/>
  <issue tracker="cve" id="2020-35524"/>
  <issue tracker="cve" id="2022-22844"/>
  <packager>mvetter</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tiff</summary>
  <description>This update for tiff fixes the following issues:

- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).
</description>
</patchinfo>