CVE-2022-0562: NULL Pointer Dereference in Tiff

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 90.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 11
Latest update: Jul 20

Description

A null source pointer passed as an argument to the memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via a crafted TIFF file. For users who compile libtiff from source, a fix is available with commit 561599c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 4 packages

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35

Patches

🔴 Vulnerability Details

5
GHSA
GHSA-q3wp-jqqj-9mvf: The libtiff-4 (2022-07-20)
OSV
CVE-2022-34266: The libtiff-4 (2022-07-19)
OSV
tiff vulnerabilities (2022-05-16)
GHSA
GHSA-6ph5-gf8v-wvm9: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread (2022-02-12)
OSV
CVE-2022-0562: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread (2022-02-11)

📋 Vendor Advisories

4
Ubuntu
LibTIFF vulnerabilities (2022-05-16)
Red Hat
libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (2022-02-11)
Microsoft
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. (2022-02-08)
Debian
CVE-2022-0562: tiff - Null source pointer passed as an argument to memcpy() function within TIFFReadDi... (2022)