Lucene search
AmazonALAS2-2023-2212HistoryAug 17, 2023 - 11:58 a.m.
Medium: libtiff
2023-08-1711:58:00
alas.aws.amazon.com
9
denial-of-service
crafted tiff file
out-of-bounds write
libtiff 4.4.0
cve-2022-3627
red hat
mitre
unix
system update
0.006 Low
EPSS
Percentile
78.7%
Issue Overview:
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. (CVE-2022-3627)
Affected Packages:
libtiff
Issue Correction:
Run yum update libtiff to update your system.
New Packages:
aarch64:
libtiff-4.0.3-35.amzn2.0.9.aarch64
libtiff-devel-4.0.3-35.amzn2.0.9.aarch64
libtiff-static-4.0.3-35.amzn2.0.9.aarch64
libtiff-tools-4.0.3-35.amzn2.0.9.aarch64
libtiff-debuginfo-4.0.3-35.amzn2.0.9.aarch64
i686:
libtiff-4.0.3-35.amzn2.0.9.i686
libtiff-devel-4.0.3-35.amzn2.0.9.i686
libtiff-static-4.0.3-35.amzn2.0.9.i686
libtiff-tools-4.0.3-35.amzn2.0.9.i686
libtiff-debuginfo-4.0.3-35.amzn2.0.9.i686
src:
libtiff-4.0.3-35.amzn2.0.9.src
x86_64:
libtiff-4.0.3-35.amzn2.0.9.x86_64
libtiff-devel-4.0.3-35.amzn2.0.9.x86_64
libtiff-static-4.0.3-35.amzn2.0.9.x86_64
libtiff-tools-4.0.3-35.amzn2.0.9.x86_64
libtiff-debuginfo-4.0.3-35.amzn2.0.9.x86_64
Additional References
Red Hat: CVE-2022-3627
Mitre: CVE-2022-3627
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | libtiff | < 4.0.3-35.amzn2.0.9 | libtiff-4.0.3-35.amzn2.0.9.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libtiff-devel | < 4.0.3-35.amzn2.0.9 | libtiff-devel-4.0.3-35.amzn2.0.9.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libtiff-static | < 4.0.3-35.amzn2.0.9 | libtiff-static-4.0.3-35.amzn2.0.9.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libtiff-tools | < 4.0.3-35.amzn2.0.9 | libtiff-tools-4.0.3-35.amzn2.0.9.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libtiff-debuginfo | < 4.0.3-35.amzn2.0.9 | libtiff-debuginfo-4.0.3-35.amzn2.0.9.aarch64.rpm |
| Amazon Linux | 2 | i686 | libtiff | < 4.0.3-35.amzn2.0.9 | libtiff-4.0.3-35.amzn2.0.9.i686.rpm |
| Amazon Linux | 2 | i686 | libtiff-devel | < 4.0.3-35.amzn2.0.9 | libtiff-devel-4.0.3-35.amzn2.0.9.i686.rpm |
| Amazon Linux | 2 | i686 | libtiff-static | < 4.0.3-35.amzn2.0.9 | libtiff-static-4.0.3-35.amzn2.0.9.i686.rpm |
| Amazon Linux | 2 | i686 | libtiff-tools | < 4.0.3-35.amzn2.0.9 | libtiff-tools-4.0.3-35.amzn2.0.9.i686.rpm |
| Amazon Linux | 2 | i686 | libtiff-debuginfo | < 4.0.3-35.amzn2.0.9 | libtiff-debuginfo-4.0.3-35.amzn2.0.9.i686.rpm |
Related
cbl_mariner
cbl_mariner
CVE-2022-3627 affecting package libtiff 4.4.0-4
2022-11-24 00:45:37
CVE-2022-3627 affecting package libtiff for versions less than 4.4.0-6
2022-11-30 04:44:03
cve
cve
CVE-2022-3627
2022-10-21 16:15:11
osv
osv
CVE-2022-3627
2022-10-21 16:15:11
Moderate: libtiff security update
2023-05-16 00:00:00
Moderate: libtiff security update
2023-05-09 00:00:00
nvd
nvd
CVE-2022-3627
2022-10-21 16:15:11
prion
prion
Out-of-bounds
2022-10-21 16:15:00
ubuntucve
ubuntucve
CVE-2022-3627
2022-10-21 00:00:00
redhatcve
redhatcve
CVE-2022-3627
2022-11-28 10:26:11
cnvd
cnvd
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72091)
2022-10-25 00:00:00
alpinelinux
alpinelinux
CVE-2022-3627
2022-10-21 16:15:11
cvelist
cvelist
CVE-2022-3627
2022-10-21 00:00:00
debiancve
debiancve
CVE-2022-3627
2022-10-21 16:15:11
veracode
veracode
Denial Of Service (DoS)
2022-10-24 06:05:39
nessus
nessus
RHEL 8 : libtiff (RHSA-2023:2883)
2023-05-16 00:00:00
Oracle Linux 8 : libtiff (ELSA-2023-2883)
2023-05-24 00:00:00
oraclelinux
oraclelinux
libtiff security update
2023-05-24 00:00:00
libtiff security update
2023-05-15 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-05-16 00:00:00
Moderate: libtiff security update
2023-05-09 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2023:2883) Moderate: libtiff security update
2023-05-16 05:57:15
(RHSA-2023:3813) Moderate: Migration Toolkit for Runtimes security update
2023-06-27 10:52:18
(RHSA-2023:2340) Moderate: libtiff security update
2023-05-09 05:07:52
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-11-13 05:25:20
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0424)
2022-11-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4248-1)
2022-11-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4259-1)
2022-11-29 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-0516
2023-01-14 00:00:00
Moderate Photon OS Security Update - PHSA-2023-0307
2023-01-04 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0516
2023-01-14 00:00:00
amazon
amazon
Medium: libtiff
2023-08-17 11:58:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.4.0-alt2
2022-12-27 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-11-08 00:00:00
cloudfoundry
cloudfoundry
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
debian
debian
[SECURITY] [DLA 3278-1] tiff security update
2023-01-20 22:37:38
[SECURITY] [DSA 5333-1] tiff security update
2023-01-29 12:55:02