PT-2022-4777 · Libtiff+9 · Libtiff+9

Wangdw.Augustus@Gmail.Com

Published

2022-03-01

Updated

2025-06-03

CVE-2022-0865

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff version 4.3.0

Description The issue is related to a reachable assertion in tiffcp in libtiff, which allows attackers to cause a denial-of-service via a crafted tiff file. This can be exploited by a remote attacker to disrupt service using a specially crafted tiff file.

Recommendations For libtiff version 4.3.0, users who compile libtiff from sources can apply the fix available with commit 5e180045.

Exploit

Fix

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALSA-2022:7585

ALSA-2022:8194

ALT-PU-2022-2007

ALT-PU-2025-7532

AZL-8967

BDU:2022-05718

CESA-2022_7585

CVE-2022-0865

DSA-5108-1

MGASA-2022-0119

OESA-2022-1607

OPENSUSE-SU-2022_1882-1

OPENSUSE-SU-2024:12057-1

RHSA-2022:7585

RHSA-2022:8194

RHSA-2022_7585

RHSA-2022_8194

RLSA-2022:7585

SUSE-SU-2022:1667-1

SUSE-SU-2022:1882-1

SUSE-SU-2022_1667-1

USN-5421-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libtiff

PT-2022-4777 · Libtiff+9 · Libtiff+9

CVE-2022-0865

Weakness Enumeration

Related Identifiers

Affected Products

References · 106