what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2022-2953

Status Candidate

Overview

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

Related Files

Debian Security Advisory 5333-1
Posted Jan 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2022-1354, CVE-2022-1355, CVE-2022-1622, CVE-2022-1623, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953
SHA-256 | e8e33bb105428cea88e46086e63362e8bad0286aef80d357f8678c42d5b9f9b6
Red Hat Security Advisory 2023-0302-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0302-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, and double free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2953
SHA-256 | 77a102c672ecfb5e9f34cbefa8f6c86bad324e2a7521e008cb68f55f50d75cdd
Red Hat Security Advisory 2023-0095-01
Posted Jan 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0095-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, double free, and out of bounds read vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953
SHA-256 | c03e05a4c41c6aa72e39ed4d6f02c63f8fb0a53726b2f3fa368e44b6da42afe5
Ubuntu Security Notice USN-5714-1
Posted Nov 8, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5714-1 - It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

tags | advisory, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2022-2519, CVE-2022-2521, CVE-2022-2868, CVE-2022-2953, CVE-2022-34526, CVE-2022-3570, CVE-2022-3598, CVE-2022-3599, CVE-2022-3627
SHA-256 | 76b0cd3324fd7587f2e4f6b11baed06a16ab927ae3e11d9e8fa610716ee8e985
Debian Security Advisory 5208-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5208-1 - Michael Catanzaro discovered a buffer overflow in the Epiphany web browser.

tags | advisory, web, overflow
systems | linux, debian
advisories | CVE-2022-29536
SHA-256 | d23341ebf5472198b1a93f4fd586704dacaf0011c8c3ad4ad28172856421aae2
Ubuntu Security Notice USN-5561-1
Posted Aug 10, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2022-29536
SHA-256 | 9973ace527cbf32f5526f709c8f797db2c055203bb74e2e7b0d7f3b387c1dd77
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close