{"id":"ALSA-2023:0302","summary":"Moderate: libtiff security update","details":"The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)\n* libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)\n* libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)\n* libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)\n* libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T01:27:45.215817Z","published":"2023-01-23T00:00:00Z","related":["CVE-2022-2056","CVE-2022-2057","CVE-2022-2058","CVE-2022-2519","CVE-2022-2520","CVE-2022-2521","CVE-2022-2953"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2056"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2057"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2058"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2519"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2520"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2521"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2953"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2103222"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2122789"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2122792"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2122799"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2134432"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2023-0302.html"}],"affected":[{"package":{"name":"libtiff","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libtiff"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-5.el9_1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:0302.json"}},{"package":{"name":"libtiff-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libtiff-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-5.el9_1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:0302.json"}},{"package":{"name":"libtiff-tools","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libtiff-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-5.el9_1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:0302.json"}}],"schema_version":"1.7.3"}