PT-2022-4805 · Libtiff+9 · Libtiff+9

Chintan Shah

Published

2022-02-11

Updated

2025-06-03

CVE-2022-0561

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions 3.9.0 through 4.3.0

Description The issue is related to a null source pointer being passed as an argument to the memcpy() function within the TIFFFetchStripThing() function in tif dirread.c in libtiff. This could lead to a Denial of Service via a crafted TIFF file. A remote attacker could exploit this issue to cause a denial of service.

Recommendations For libtiff versions 3.9.0 through 4.3.0, users who compile libtiff from sources can apply the fix available with commit eecb0712. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2022:7585

ALSA-2022:8194

ALSA-2022_7585

ALSA-2022_8194

ALT-PU-2022-2007

ALT-PU-2022-3428

ALT-PU-2025-7532

AZL-44223

AZL-8527

BDU:2022-05790

CESA-2022_7585

CVE-2022-0561

DLA-2932-1

DSA-5108-1

MGASA-2022-0087

OESA-2022-1551

OESA-2022-2067

OPENSUSE-SU-2022_1882-1

OPENSUSE-SU-2022_3690-1

OPENSUSE-SU-2024:12057-1

RHSA-2022:7585

RHSA-2022:8194

RHSA-2022_7585

RHSA-2022_8194

RLSA-2022:7585

SUSE-SU-2022:1667-1

SUSE-SU-2022:1882-1

SUSE-SU-2022:3679-1

SUSE-SU-2022:3690-1

SUSE-SU-2022_1667-1

SUSE-SU-2022_1882-1

SUSE-SU-2022_3679-1

SUSE-SU-2022_3690-1

USN-5421-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libtiff

PT-2022-4805 · Libtiff+9 · Libtiff+9

CVE-2022-0561

Weakness Enumeration

Related Identifiers

Affected Products

References · 134