PT-2022-4785 · Libtiff+9 · Libtiff+9

4Ugustus

Published

2022-03-11

Updated

2025-06-03

CVE-2022-0924

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff version 4.3.0

Description The issue is related to an out-of-bounds read error in the tiffcp component of libtiff, which allows attackers to cause a denial-of-service via a crafted tiff file. This can be exploited by a remote attacker to disrupt service.

Recommendations For version 4.3.0, users who compile libtiff from sources can apply the fix available with commit 408976c4.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2022:7585

ALSA-2022:8194

ALT-PU-2022-2007

ALT-PU-2025-7532

AZL-9023

BDU:2022-05726

CESA-2022_7585

CVE-2022-0924

DSA-5108-1

MGASA-2022-0119

OESA-2022-1607

OPENSUSE-SU-2022_1882-1

OPENSUSE-SU-2024:12057-1

RHSA-2022:7585

RHSA-2022:8194

RHSA-2022_7585

RHSA-2022_8194

RLSA-2022:7585

SUSE-SU-2022:1667-1

SUSE-SU-2022:1882-1

SUSE-SU-2022_1667-1

USN-5523-1

USN-5523-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libtiff

PT-2022-4785 · Libtiff+9 · Libtiff+9

CVE-2022-0924

Weakness Enumeration

Related Identifiers

Affected Products

References · 111