Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-0561

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

Related bugs and status

CVE-2022-0561 (Candidate) is related to these bugs:

Bug #1971001: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy

Summary				In	Importance	Status
	1971001	Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy		tiff (Ubuntu)	Undecided	In Progress

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://gitlab.com/git...
MISC: https://gitlab.com/fre...
MISC: https://gitlab.com/lib...
FEDORA: FEDORA-2022-df1df6debd
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...
DEBIAN: DSA-5108
GENTOO: GLSA-202210-10