CVE-2022-0865
Published 2022-03-10
Priority: P4 · 24 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.48% (70.6th percentile)
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.3.0-5 (bookworm) | tiff 4.3.0-5 (bookworm) |
| fedoraproject | fedora | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| msrc | cbl2_libtiff_4.3.0-2_on_cbl_mariner_2.0 | — | — |
CVSS provenance
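| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_msrc | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |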
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-05-16·CVSS 5.5
CVE-2022-0891 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)
Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. T
Microsoft
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 5e180
vendor_msrc·2022-03-08·CVSS 6.5
CVE-2022-0865 [MEDIUM] CWE-617 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 5e180
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 5e180045.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update
Red Hat
libtiff: reachable assertion
vendor_redhat·2022-03-01·CVSS 5.5
CVE-2022-0865 [MEDIUM] CWE-617 libtiff: reachable assertion
libtiff: reachable assertion
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
A reachable assertion failure was found in libtiff's JBIG functionality. This flaw allows an attacker who can submit a crafted file to an application linked with libtiff and using the JBIG functionality to cause a crash via an assertion failure, leading to a denial of service. The exact mechanism and conditions around this issue are dependent on how the application uses libtiff.
Mitigation: Applications that do not parse files from untrusted/malicious sources will not be affected by this vulnerability.
Package: libtiff (Red Hat Enterprise Linux 6) - Out of
Debian
CVE-2022-0865: tiff - Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denia...
vendor_debian·2022·CVSS 5.5
CVE-2022-0865 [MEDIUM] CVE-2022-0865: tiff - Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denia...
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
Scope: local
bookworm: resolved (fixed in 4.3.0-5)
bullseye: resolved (fixed in 4.2.0-1+deb11u1)
forky: resolved (fixed in 4.3.0-5)
sid: resolved (fixed in 4.3.0-5)
trixie: resolved (fixed in 4.3.0-5)
OSV
tiff vulnerabilities
osv·2022-05-16·CVSS 5.5
CVE-2020-35522 [MEDIUM] tiff vulnerabilities
tiff vulnerabilities
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)
Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubunt
GHSA
GHSA-6x45-qmh6-q92p: Reachable Assertion in tiffcp in libtiff 4
ghsa_unreviewed·2022-03-11
CVE-2022-0865 [MEDIUM] CWE-617 GHSA-6x45-qmh6-q92p: Reachable Assertion in tiffcp in libtiff 4
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
OSV
CVE-2022-0865: Reachable Assertion in tiffcp in libtiff 4
osv·2022-03-10·CVSS 6.5
CVE-2022-0865 [MEDIUM] CVE-2022-0865: Reachable Assertion in tiffcp in libtiff 4
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
https://gitlab.com/libtiff/libtiff/-/issues/385
https://gitlab.com/libtiff/libtiff/-/merge_requests/306
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.gentoo.org/glsa/202210-10
https://security.netapp.com/advisory/ntap-20221228-0008/
https://www.debian.org/security/2022/dsa-5108