CVE-2022-1056 — Out-of-bounds Read in Tiff

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff Msrc Cbl2 Libtiff 4.3.0-2 ON CBL Mariner 2.0 +2 more

Timeline

PublishedMar 28

Latest updateMar 29

Description

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5libtiff/libtiff=4.3.0

▶NVDlibtiff/libtiff4.3.0

▶msrcmsrc/cbl2_libtiff_4.3.0-2_on_cbl_mariner_2.0

▶debiandebian/tiff< tiff 4.4.0~rc1-1 (bookworm)

▶msrcmsrc/cbl_mariner_2.0_arm

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-2ggh-mqg8-7mvr: Out-of-bounds Read error in tiffcrop in libtiff 4↗2022-03-29

▶

OSV

CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4↗2022-03-28

▶

📋Vendor Advisories

Microsoft

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commi↗2022-03-08

▶

Red Hat

libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c↗2022-03-01

▶

Debian

CVE-2022-1056: tiff - Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause ...↗2022

▶