PT-2022-7208 · Tiffsplit+6

Published: 2022-06-10 · Updated: 2025-06-19 · CVE-2022-34526

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Tiffsplit versions 4.4.0 and earlier

Description

The issue is related to a stack overflow in the TIFFVGetField function of the LibTIFF library, which can be exploited by an attacker to cause a Denial of Service (DoS) using a specially crafted TIFF file. This can be achieved when the file is parsed by utilities such as tiffsplit or tiffcrop.

Recommendations

For Tiffsplit version 4.4.0 and earlier, consider updating to a version that fixes the issue in the TIFFVGetField function to prevent potential Denial of Service attacks. As a temporary workaround, restrict the use of tiffsplit and tiffcrop utilities until a patch is available.

Exploit · Fix · DoS · Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3360
ALT-PU-2022-3428
ALT-PU-2025-7185
ALT-PU-2025-7532
AZL-10441
AZL-45351
BDU:2023-09091
CVE-2022-34526
DLA-3278-1
DSA-5333-1
MGASA-2022-0284
OPENSUSE-SU-2022_3690-1
OPENSUSE-SU-2024:12226-1
SUSE-SU-2022:3679-1
SUSE-SU-2022:3690-1
USN-5714-1

Affected Products

Alt Linux
Astra Linux
Libtiff
Linuxmint
Suse
Tiffsplit
Ubuntu