PT-2022-4800 · Libtiff +4

4Ugustus +1 · Published 2022-03-11 · Updated 2025-06-03 · CVE-2022-0907

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libtiff version 4.3.0

Description

The issue is related to errors in pointer dereferencing, allowing a remote attacker to cause a denial of service using a specially crafted TIFF file. This can be achieved through the tiffcrop function in libtiff. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For libtiff version 4.3.0, users who compile libtiff from sources can apply the fix available with commit f2b656e2 to resolve the issue. As a temporary workaround, consider disabling the tiffcrop function in libtiff until a patch is available.

Exploit

Fix

DoS

Unchecked Return Value

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2007
ALT-PU-2025-7532
AZL-9020
BDU:2022-05760
CVE-2022-0907
DSA-5108-1
MGASA-2022-0128
OESA-2022-1607
OPENSUSE-SU-2024:12057-1
USN-5523-1
USN-5523-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Ubuntu
Libtiff