URL: https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2161
Submission: On August 03 via api from US — Scanned from DE

Security Advisory Detail

EulerOS-SA-2022-2161

Synopsis: libtiff security update

Release Date: 2022-07-29 02:34:43

Profile

An update for libtiff is now available for EulerOS V2.0SP10

Severity

Moderate

Topic

An update for libtiff is now available for EulerOS V2.0SP10

EulerOS Security has rated this update as having a security impact of Moderate.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed
severity rating, is available for each vulnerability from the CVE link(s) in the
References section.

Description

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file format
for bitmapped images. TIFF files usually end in the .tif extension and they are
often quite large. The libtiff package should be installed if you need to
manipulate TIFF format image files.

Security Fix(es):

A stack buffer overflow flaw was found in the main() function of libtiff's
tiffcp.c. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp
tool, triggering a stack buffer overflow issue, possibly corrupting the memory,
and causing a crash that leads to a denial of service. (CVE-2022-1355)

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0
allows attackers to cause a denial-of-service via a crafted tiff file. For users
that compile libtiff from sources, the fix is available with commit
f2b656e2. (CVE-2022-0907)

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a
denial-of-service via a crafted tiff file. For users that compile libtiff from
sources, the fix is available with commit 408976c4. (CVE-2022-0924)

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a
denial-of-service via a crafted tiff file. For users that compile libtiff from
sources, the fix is available with commit 5e180045. (CVE-2022-0865)

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a
denial-of-service via a crafted tiff file. For users that compile libtiff from
sources, the fix is available with commit f8d0f9aa. (CVE-2022-0909)

Affected Components

libtiff

Affected Products

EulerOS V2.0SP10

Packages

libtiff-4.1.0-1.h10.eulerosv2r10.src.rpm
libtiff-4.1.0-1.h10.eulerosv2r10.aarch64.rpm

CVE

CVE-2022-0865
CVE-2022-0907
CVE-2022-0909
CVE-2022-0924
CVE-2022-1355

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0865
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0907
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0909
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0924
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1355




Copyright © 2018 Huawei Software Technologies Co., Ltd. All Rights Reserved.