CVE-2022-0908
published 2022-03-11CVE-2022-0908: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to…
PriorityP419medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
EPSS
1.25%
65.7th percentile
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.3.0-6 (bookworm) | tiff 4.3.0-6 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libtiff | libtiff | <= 4.3.0 | — |
| msrc | cbl2_libtiff_4.3.0-2_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_libtiff_4.4.0-1_on_cbl_mariner_1.0 | — | — |
| tiff_software_distribution | libtiff | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.7HIGH
vendor_redhat7.7HIGH
vendor_ubuntu7.5HIGH
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-09-12·CVSS 7.5
CVE-2022-0907 [HIGH] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
USN-5523-1 fixed several vulnerabilities in LibTIFF. This update
provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909,
CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that LibTIFF was not properly perf orming checks to
guarantee that allocated memory space existed, which could lead to a
NULL pointer dereference via a specially crafted file. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2022-0907, CVE-2022-0908)
It was discovered that LibTIFF was not properly performing checks to
avoid division calculations where the denominator value was zero,
which could lead to an undefined behavio
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-07-19·CVSS 7.5
CVE-2020-19144 [HIGH] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF was not properly performing checks to
guarantee that allocated memory space existed, which could lead to a
NULL pointer dereference via a specially crafted file. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2022-0907, CVE-2022-0908)
It was discovered that LibTIFF was not properly performing checks to
avoid division calculations where the denominator value was zero,
which could lead to an undefined behavior situation via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0909)
It was discovered that LibTIFF was not properly performing bounds
checks, which could lead to an out-of-boun
Red Hat
tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
vendor_redhat·2022-03-11·CVSS 7.7
CVE-2022-0908 [HIGH] CWE-476 tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
A flaw was found in LibTIFF where a NULL source pointer passed as an argument to the memcpy() function within the TIFFFetchNormalTag() in tif_dirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service.
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected
Package: libtiff (Red Hat Enterprise Linux 7) - Out of support scope
Package: compat-libtiff3 (Red Hat Enterpr
Microsoft
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
vendor_msrc·2022-03-08·CVSS 5.5
CVE-2022-0908 [HIGH] CWE-476 Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE
Debian
CVE-2022-0908: tiff - Null source pointer passed as an argument to memcpy() function within TIFFFetchN...
vendor_debian·2022·CVSS 7.7
CVE-2022-0908 [HIGH] CVE-2022-0908: tiff - Null source pointer passed as an argument to memcpy() function within TIFFFetchN...
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.3.0-6)
bullseye: resolved (fixed in 4.2.0-1+deb11u1)
forky: resolved (fixed in 4.3.0-6)
sid: resolved (fixed in 4.3.0-6)
trixie: resolved (fixed in 4.3.0-6)
OSV
tiff vulnerabilities
osv·2022-09-12·CVSS 7.5
CVE-2022-0907 [HIGH] tiff vulnerabilities
tiff vulnerabilities
USN-5523-1 fixed several vulnerabilities in LibTIFF. This update
provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909,
CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that LibTIFF was not properly perf orming checks to
guarantee that allocated memory space existed, which could lead to a
NULL pointer dereference via a specially crafted file. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2022-0907, CVE-2022-0908)
It was discovered that LibTIFF was not properly performing checks to
avoid division calculations where the denominator value was zero,
which could lead to an undefined behavior situation via a specially
crafted file. An attacker could possibl
OSV
tiff vulnerabilities
osv·2022-07-19·CVSS 7.5
CVE-2022-0907 [HIGH] tiff vulnerabilities
tiff vulnerabilities
It was discovered that LibTIFF was not properly performing checks to
guarantee that allocated memory space existed, which could lead to a
NULL pointer dereference via a specially crafted file. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2022-0907, CVE-2022-0908)
It was discovered that LibTIFF was not properly performing checks to
avoid division calculations where the denominator value was zero,
which could lead to an undefined behavior situation via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0909)
It was discovered that LibTIFF was not properly performing bounds
checks, which could lead to an out-of-bounds read via a specially
crafted file. An attacker could possibly us
GHSA
GHSA-gqxh-jf4f-xfjr: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread
ghsa_unreviewed·2022-03-12
CVE-2022-0908 [MEDIUM] CWE-476 GHSA-gqxh-jf4f-xfjr: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
OSV
CVE-2022-0908: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread
osv·2022-03-11·CVSS 5.5
CVE-2022-0908 [MEDIUM] CVE-2022-0908: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.jsonhttps://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85https://gitlab.com/libtiff/libtiff/-/issues/383https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/https://security.gentoo.org/glsa/202210-10https://security.netapp.com/advisory/ntap-20220506-0002/https://www.debian.org/security/2022/dsa-5108https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.jsonhttps://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85https://gitlab.com/libtiff/libtiff/-/issues/383https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/https://security.gentoo.org/glsa/202210-10https://security.netapp.com/advisory/ntap-20220506-0002/https://www.debian.org/security/2022/dsa-5108
2022-03-11
Published