CVE-2022-34266

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.3-35.amzn2.0.1

Description The issue is related to the processing of malicious TIFF files, which can cause a denial of service (application crash). Specifically, an invalid range may be passed as an argument to the memset() function within the TIFFFetchStripThing() function in tif dirread.c, leading to a segfault after the use of an uninitialized resource. This occurs when the TIFFFetchStripThing() function is used to handle TIFF files, potentially allowing an attacker to exploit the vulnerability and cause a service disruption.

Recommendations For LibTIFF version 4.0.3-35.amzn2.0.1, consider avoiding the use of the TIFFFetchStripThing() function until a patch is available, or restrict access to the tif dirread.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.