CVE-2022-0562

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions 4.0 through 4.3.0

Description The issue is related to errors in pointer dereferencing in the TIFFReadDirectory() function of the LibTIFF library, specifically in the tif dirread.c component. This can be exploited by a remote attacker using a specially crafted TIFF file, potentially leading to a denial of service. The vulnerability is caused by a null source pointer being passed as an argument to the memcpy() function within TIFFReadDirectory().

Recommendations For libtiff versions 4.0 through 4.3.0, apply the fix available with commit 561599c for users compiling libtiff from sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2022:7585

ALSA-2022:8194

ALT-PU-2022-2007

ALT-PU-2022-3428

ALT-PU-2025-7532

AZL-44088

AZL-8529

BDU:2022-05758

CESA-2022_7585

CVE-2022-0562

DLA-2932-1

DSA-5108-1

MGASA-2022-0087

OESA-2022-1551

OESA-2022-2067

OPENSUSE-SU-2022_1882-1

OPENSUSE-SU-2024:12057-1

RHSA-2022:7585

RHSA-2022:8194

RHSA-2022_7585

RHSA-2022_8194

RLSA-2022:7585

SUSE-SU-2022:1667-1

SUSE-SU-2022:1882-1

SUSE-SU-2022_1667-1

USN-5421-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libtiff

CVE-2022-0562

Weakness Enumeration

Related Identifiers

Affected Products

References · 117