PT-2021-8113 · Libtiff+6 · Libtiff+6

Tej Rathi

Published

2021-12-05

Updated

2025-06-03

CVE-2022-1354

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF (affected versions not specified)

Description The issue is related to a heap buffer overflow flaw in the TIFFReadRawDataStriped() function of the tiffinfo.c component in the LibTIFF library. This flaw allows an attacker to cause a denial of service by passing a specially crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and leading to a crash. The TIFFReadRawDataStriped() function is vulnerable to reading beyond the valid boundaries of a data buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALSA-2022:8194

ALT-PU-2022-2007

ALT-PU-2022-3428

ALT-PU-2025-7532

BDU:2024-07309

CVE-2022-1354

DLA-3278-1

DSA-5333-1

MGASA-2022-0240

OESA-2022-1747

RHSA-2022:8194

RHSA-2022_8194

USN-5619-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Libtiff

Linuxmint

Red Hat

Ubuntu

PT-2021-8113 · Libtiff+6 · Libtiff+6

CVE-2022-1354

Weakness Enumeration

Related Identifiers

Affected Products

References · 60