CVE-2022-0562
Published: 2022-02-11
Priority: P4 (19) · medium · CVSS 3.1: 5.5
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.25% (65.7th percentile)
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.3.0-4 (bookworm) | tiff 4.3.0-4 (bookworm) |
| fedoraproject | fedora | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | 4.0.0 – 4.3.0 | — |
| msrc | cbl2_libtiff_4.3.0-2_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_libtiff_4.1.0-3_on_cbl_mariner_1.0 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_msrc | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-05-16·CVSS 5.5
CVE-2022-0891 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)
Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. T
Red Hat
libtiff: Null source pointer lead to Denial of Service via crafted TIFF file
vendor_redhat·2022-02-11·CVSS 5.5
CVE-2022-0562 [MEDIUM] CWE-476 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
A flaw was found in libtiff where a NULL source pointer is passed as an argument to the memcpy() function within TIFFReadDirectory() in tif_dirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service.
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected
Package: libtif
Microsoft
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file.
vendor_msrc·2022-02-08·CVSS 5.5
CVE-2022-0562 [MEDIUM] CWE-476 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for m
Debian
CVE-2022-0562: tiff - Null source pointer passed as an argument to memcpy() function within TIFFReadDi...
vendor_debian·2022·CVSS 5.5
CVE-2022-0562 [MEDIUM] CVE-2022-0562: tiff - Null source pointer passed as an argument to memcpy() function within TIFFReadDi...
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Scope: local
bookworm: resolved (fixed in 4.3.0-4)
bullseye: resolved (fixed in 4.2.0-1+deb11u1)
forky: resolved (fixed in 4.3.0-4)
sid: resolved (fixed in 4.3.0-4)
trixie: resolved (fixed in 4.3.0-4)
GHSA
GHSA-q3wp-jqqj-9mvf: The libtiff-4
ghsa_unreviewed·2022-07-20·CVSS 5.5
CVE-2022-34266 [MEDIUM] CWE-908 GHSA-q3wp-jqqj-9mvf: The libtiff-4
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
OSV
CVE-2022-34266: The libtiff-4
osv·2022-07-19·CVSS 5.5
CVE-2022-34266 [MEDIUM] CVE-2022-34266: The libtiff-4
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
OSV
tiff vulnerabilities
osv·2022-05-16·CVSS 5.5
CVE-2020-35522 [MEDIUM] tiff vulnerabilities
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)
Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubunt
GHSA
GHSA-6ph5-gf8v-wvm9: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread
ghsa_unreviewed·2022-02-12
CVE-2022-0562 [MEDIUM] CWE-476 GHSA-6ph5-gf8v-wvm9: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
OSV
CVE-2022-0562: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread
osv·2022-02-11·CVSS 5.5
CVE-2022-0562 [MEDIUM] CVE-2022-0562: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json
- https://gitlab.com/libtiff/libtiff/-/issues/362
- https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/
- https://security.gentoo.org/glsa/202210-10
- https://security.netapp.com/advisory/ntap-20220318-0001/
- https://www.debian.org/security/2022/dsa-5108