UBUNTU-CVE-2022-0891
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2022-0891
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0891.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-0891
- Related
- Published
- 2022-03-10T17:44:00Z
- Modified
- 2022-03-10T17:44:00Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
- References
-
- https://ubuntu.com/security/CVE-2022-0891
- https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
- https://gitlab.com/libtiff/libtiff/-/issues/380
- https://gitlab.com/libtiff/libtiff/-/issues/382
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
- https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
- https://ubuntu.com/security/notices/USN-5421-1
- https://www.cve.org/CVERecord?id=CVE-2022-0891
Affected packages
Ubuntu:Pro:14.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.3-7ubuntu0.11+esm1?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.3-7ubuntu0.11+esm1
Affected versions
4.*
4.0.2-4ubuntu3
4.0.3-5ubuntu1
4.0.3-6
4.0.3-6ubuntu1
4.0.3-7
4.0.3-7ubuntu0.1
4.0.3-7ubuntu0.2
4.0.3-7ubuntu0.3
4.0.3-7ubuntu0.4
4.0.3-7ubuntu0.6
4.0.3-7ubuntu0.7
4.0.3-7ubuntu0.8
4.0.3-7ubuntu0.9
4.0.3-7ubuntu0.10
4.0.3-7ubuntu0.11
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"libtiff-doc": "4.0.3-7ubuntu0.11+esm1",
"libtiff5-dbgsym": "4.0.3-7ubuntu0.11+esm1",
"libtiff-opengl": "4.0.3-7ubuntu0.11+esm1",
"libtiffxx5-dbgsym": "4.0.3-7ubuntu0.11+esm1",
"libtiff4-dev": "4.0.3-7ubuntu0.11+esm1",
"libtiff-opengl-dbgsym": "4.0.3-7ubuntu0.11+esm1",
"libtiff-tools-dbgsym": "4.0.3-7ubuntu0.11+esm1",
"libtiff5": "4.0.3-7ubuntu0.11+esm1",
"libtiff5-alt-dev": "4.0.3-7ubuntu0.11+esm1",
"libtiff-tools": "4.0.3-7ubuntu0.11+esm1",
"libtiffxx5": "4.0.3-7ubuntu0.11+esm1",
"libtiff5-dev": "4.0.3-7ubuntu0.11+esm1"
}
]
}
Ubuntu:Pro:16.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.6-1ubuntu0.8+esm1?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.6-1ubuntu0.8+esm1
Affected versions
4.*
4.0.3-12.3ubuntu2
4.0.5-1
4.0.6-1
4.0.6-1ubuntu0.1
4.0.6-1ubuntu0.2
4.0.6-1ubuntu0.3
4.0.6-1ubuntu0.4
4.0.6-1ubuntu0.5
4.0.6-1ubuntu0.6
4.0.6-1ubuntu0.7
4.0.6-1ubuntu0.8
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"libtiff-doc": "4.0.6-1ubuntu0.8+esm1",
"libtiff5-dbgsym": "4.0.6-1ubuntu0.8+esm1",
"libtiff-opengl": "4.0.6-1ubuntu0.8+esm1",
"libtiffxx5-dbgsym": "4.0.6-1ubuntu0.8+esm1",
"libtiff-opengl-dbgsym": "4.0.6-1ubuntu0.8+esm1",
"libtiff-tools-dbgsym": "4.0.6-1ubuntu0.8+esm1",
"libtiff5": "4.0.6-1ubuntu0.8+esm1",
"libtiff-tools": "4.0.6-1ubuntu0.8+esm1",
"libtiffxx5": "4.0.6-1ubuntu0.8+esm1",
"libtiff5-dev": "4.0.6-1ubuntu0.8+esm1"
}
]
}
Ubuntu:18.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.9-5ubuntu0.5?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.9-5ubuntu0.5
Affected versions
4.*
4.0.8-5
4.0.8-6
4.0.9-1
4.0.9-2
4.0.9-3
4.0.9-4
4.0.9-4ubuntu1
4.0.9-5
4.0.9-5ubuntu0.1
4.0.9-5ubuntu0.2
4.0.9-5ubuntu0.3
4.0.9-5ubuntu0.4
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libtiff-doc": "4.0.9-5ubuntu0.5",
"libtiff5-dbgsym": "4.0.9-5ubuntu0.5",
"libtiff-opengl": "4.0.9-5ubuntu0.5",
"libtiffxx5-dbgsym": "4.0.9-5ubuntu0.5",
"libtiff-opengl-dbgsym": "4.0.9-5ubuntu0.5",
"libtiff-tools-dbgsym": "4.0.9-5ubuntu0.5",
"libtiff5": "4.0.9-5ubuntu0.5",
"libtiff-dev": "4.0.9-5ubuntu0.5",
"libtiff-tools": "4.0.9-5ubuntu0.5",
"libtiffxx5": "4.0.9-5ubuntu0.5",
"libtiff5-dev": "4.0.9-5ubuntu0.5"
}
]
}
Ubuntu:20.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.1.0+git191117-2ubuntu0.20.04.3?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.0+git191117-2ubuntu0.20.04.3
Affected versions
4.*
4.0.10+git191003-1
4.1.0+git191117-1
4.1.0+git191117-2
4.1.0+git191117-2build1
4.1.0+git191117-2ubuntu0.20.04.1
4.1.0+git191117-2ubuntu0.20.04.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libtiff-doc": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff5-dbgsym": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff-opengl": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiffxx5-dbgsym": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff-opengl-dbgsym": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff-tools-dbgsym": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff5": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff-dev": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff-tools": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiffxx5": "4.1.0+git191117-2ubuntu0.20.04.3",
"libtiff5-dev": "4.1.0+git191117-2ubuntu0.20.04.3"
}
]
}
Ubuntu:22.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.3.0-6?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.0-6
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libtiff-doc": "4.3.0-6",
"libtiff5-dbgsym": "4.3.0-6",
"libtiff-opengl": "4.3.0-6",
"libtiffxx5-dbgsym": "4.3.0-6",
"libtiff-opengl-dbgsym": "4.3.0-6",
"libtiff-tools-dbgsym": "4.3.0-6",
"libtiff5": "4.3.0-6",
"libtiff-dev": "4.3.0-6",
"libtiff-tools": "4.3.0-6",
"libtiffxx5": "4.3.0-6",
"libtiff5-dev": "4.3.0-6"
}
]
}