CVE-2022-2057
Published 2022-06-30
Priority: P4 · 24 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.21% (64.6th percentile)
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.4.0-3 (bookworm) | tiff 4.4.0-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| msrc | cbl2_libtiff_4.4.0-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_libtiff_4.4.0-6_on_cbl_mariner_1.0 | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_msrc | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
OSV
tiff vulnerabilities
osv·2022-09-20·CVSS 7.5
CVE-2020-19131 [HIGH] tiff vulnerabilities
tiff vulnerabilities
It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19131)

It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144)

It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using tiffinf
GHSA
GHSA-5prh-234x-frc5: Divide By Zero error in tiffcrop in libtiff 4
ghsa_unreviewed·2022-07-01
CVE-2022-2057 [MEDIUM] CWE-369 GHSA-5prh-234x-frc5: Divide By Zero error in tiffcrop in libtiff 4
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
OSV
CVE-2022-2057: Divide By Zero error in tiffcrop in libtiff 4
osv·2022-06-30·CVSS 6.5
CVE-2022-2057 [MEDIUM] CVE-2022-2057: Divide By Zero error in tiffcrop in libtiff 4
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-09-20·CVSS 7.5
CVE-2020-19144 [HIGH] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19131)

It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144)

It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user we
Red Hat
libtiff: division by zero issues in tiffcrop
vendor_redhat·2022-06-30·CVSS 5.5
CVE-2022-2057 [MEDIUM] CWE-369 libtiff: division by zero issues in tiffcrop
libtiff: division by zero issues in tiffcrop
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted tiff file.
Package: libtiff (Red Hat Enterprise Linux 6) - Out of support scope
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: libtiff (Red Hat Enterprise Linux 7) - Out of support scope
Package: compat-libtiff3 (Red Hat Enterprise Linux 8) - Will not fix
Microsoft
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f3
vendor_msrc·2022-06-14·CVSS 6.5
CVE-2022-2057 [MEDIUM] CWE-369 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f3
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f3a5e010.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will upd
Debian
CVE-2022-2057: tiff - Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a de...
vendor_debian·2022·CVSS 5.5
CVE-2022-2057 [MEDIUM] CVE-2022-2057: tiff - Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a de...
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Scope: local
bookworm: resolved (fixed in 4.4.0-3)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed in 4.4.0-3)
sid: resolved (fixed in 4.4.0-3)
trixie: resolved (fixed in 4.4.0-3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json
- https://gitlab.com/libtiff/libtiff/-/issues/427
- https://gitlab.com/libtiff/libtiff/-/merge_requests/346
- https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/
- https://security.netapp.com/advisory/ntap-20220826-0001/
- https://www.debian.org/security/2023/dsa-5333