CVE-2022-22844 LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c if a custom tag and 0x0200 as the second word of the DE field are present.

TIFF files may contain tags with a custom data type. When a TIFF file is opened, special handling may be done with the custom tag, depending on its value. In some cases, the out-of-bounds value was used, which may lead to remote code execution.

In LibreOffice 5.3.3, TIFF images may be opened with malformed tags, which may lead to remote code execution.

CVE-2018-20801 LibreOffice before 5.3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF file, as demonstrated by a file containing an ImageC87 structure with an invalid length field.

CVE-2018-20802 LibreOffice before 5.3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF file, as demonstrated by a file containing an ImageC89 structure with an invalid length field.

CVE-2018-20803 LibreOffice before 5.3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF file, as demonstrated by a file containing an ImageC90 structure with an invalid length field.

CVE-2018-20804 LibreOffice before 5.3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted T

LibreOffice and Apache OpenOffice

LibreOffice is a free, open-source office productivity suite.
Apache OpenOffice is an office productivity suite based on the OpenOffice software. The two suites share common code and features with minor differences in their user interfaces and feature sets.
After the 2016 Ubuntu 16.04 LTS release, the LibreOffice and Apache OpenOffice suites were updated to version 4.4 with many fixes from upstream projects like KDE Plasma Working Group or Qt which contained security vulnerabilities.


Fixed in LibreOffice 5.3.4

In LibreOffice 5.3.4, invalid TIFF tags were not handled correctly and caused an out-of-bounds error.
