Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-1623

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Related bugs and status

CVE-2022-1623 (Candidate) is related to these bugs:

Bug #1971001: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy

Summary				In	Importance	Status
	1971001	Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy		tiff (Ubuntu)	Undecided	In Progress

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://gitlab.com/git...
MISC: https://gitlab.com/lib...
MISC: https://gitlab.com/lib...
CONFIRM: https://security.netap...
FEDORA: FEDORA-2022-ea3ebeff3d
FEDORA: FEDORA-2022-e9fe21d102
GENTOO: GLSA-202210-10
DEBIAN: DSA-5333