Ubuntu Security Notice 5705-1 - Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. It was discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-5705-1
October 27, 2022
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in LibTIFF.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

Chintan Shah discovered that LibTIFF incorrectly handled memory in
certain conditions. An attacker could trick a user into processing a
specially crafted image file and potentially use this issue to allow for
information disclosure or to cause the application to crash.
(CVE-2022-3570)

It was discovered that LibTIFF incorrectly handled memory in certain
conditions. An attacker could trick a user into processing a specially
crafted tiff file and potentially use this issue to cause a denial of
service. (CVE-2022-3598)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libtiff-tools 4.0.6-1ubuntu0.8+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5705-1
  CVE-2022-3570, CVE-2022-3598