Advisories » MGASA-2022-0448

Updated libtiff packages fix security vulnerability

Publication date: 06 Dec 2022
Modification date: 06 Dec 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-3970

Description

A vulnerability was found in LibTIFF. It has been classified as critical.
This affects the function TIFFReadRGBATileExt of the file
libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is
possible to initiate the attack remotely. (CVE-2022-3970)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31188
• https://ubuntu.com/security/notices/USN-5743-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

SRPMS

8/core

• libtiff-4.2.0-1.12.mga8