OESA-2022-1594

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1594
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1594.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1594
Upstream
Published
2022-03-26T11:03:40Z
Modified
2025-08-12T05:11:17.877852Z
Summary
libtiff security update
Details

The libtiff package provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available online in several different formats. The package also contains command-line programs for manipulating TIFF format image files using the libtiff library.

Security Fix(es):

A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact (CVE-2022-0891).

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / libtiff

Package

Name
libtiff
Purl
pkg:rpm/openEuler/libtiff&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.0-7.oe1

Ecosystem specific

{
    "src": [
        "libtiff-4.1.0-7.oe1.src.rpm"
    ],
    "noarch": [
        "libtiff-help-4.1.0-7.oe1.noarch.rpm"
    ],
    "x86_64": [
        "libtiff-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-debugsource-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-devel-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-debuginfo-4.1.0-7.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libtiff-debugsource-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-debuginfo-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-devel-4.1.0-7.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / libtiff

Package

Name
libtiff
Purl
pkg:rpm/openEuler/libtiff&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.0-7.oe1

Ecosystem specific

{
    "src": [
        "libtiff-4.1.0-7.oe1.src.rpm"
    ],
    "noarch": [
        "libtiff-help-4.1.0-7.oe1.noarch.rpm"
    ],
    "x86_64": [
        "libtiff-debuginfo-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-devel-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-debugsource-4.1.0-7.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libtiff-devel-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-debuginfo-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-debugsource-4.1.0-7.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / libtiff

Package

Name
libtiff
Purl
pkg:rpm/openEuler/libtiff&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.0-7.oe1

Ecosystem specific

{
    "src": [
        "libtiff-4.1.0-7.oe1.src.rpm"
    ],
    "noarch": [
        "libtiff-help-4.1.0-7.oe1.noarch.rpm"
    ],
    "x86_64": [
        "libtiff-debuginfo-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-debugsource-4.1.0-7.oe1.x86_64.rpm",
        "libtiff-devel-4.1.0-7.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libtiff-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-debuginfo-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-debugsource-4.1.0-7.oe1.aarch64.rpm",
        "libtiff-devel-4.1.0-7.oe1.aarch64.rpm"
    ]
}