CVE-2022-1622 The libTIFF master branch has an out-of-bounds read in LZWDecode that can cause a denial-of-service.

For users that use the Debian Jessie package, the fix is available via the libtiff-debian Jessie backport repository. This issue has been assigned the identifier CVE-2017-7796. libtiff is a widely used library for manipulating TIFF images, including reading and writing of LZW-encoded TIFF images. libtiff version 1.4.x is vulnerable to an out-of-bounds read in LZWDecode allowing an attacker to cause a denial-of-service. The specific libtiff version in Debian Jessie is 6:1.4-5. For Debian 7 users, the current libtiff version is 5:1.4-5. For Debian 8 users, the current libtiff version is 6:1.4-5.

A number of libtiff packages were updated in Debian Jessie on March 02, 2018 to fix this issue. The libtiff package in Debian Jessie was updated to version 5:1.4-5 (bsc#1052685).

Summary

For users of the Debian Jessie package, the fix is available via the libtiff-debian Jessie backport repository. For Debian 7 users, the current libtiff version is 5:1.4-5 (bsc#1052685). For Debian 8 users, the current libtiff version is 6:1.4-5 (bsc#1052685).

The issue has been assigned the identifier CVE-2017-7796.

References

- https://security.debian.org/CVE-2017-7796
- "Debian Jessie package libtiff-debian Jessie backport repository"
- "Libtiff version 1.4.x is vulnerable to an out-of-bounds read in LZWDecode allowing an attacker to cause a denial-of-service."
- "For Debian 7 users, the current libtiff version is 5:1.4-5."
- "For Debian 8 users, the current libtiff version is 6:1.4-5."

System requirements

Debian Jessie is a free operating system.

Debian 8.0 Jessie

Debian 8.0 Jessie was updated on March 02, 2018 to fix this issue. For Debian 7 users, the current libtiff version is 5:1.4-5. For Debian 8 users, the current libtiff version is 6:1.4-5.
