CVE-2022-40090

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 4.4.0

Description The issue is related to the function TIFFReadDirectory() in the libtiff library, which can cause a denial of service when processing a crafted TIFF file. This can allow a remote attacker to exploit the vulnerability, leading to a denial of service. The vulnerability is associated with an infinite loop due to an unreachable exit condition.

Recommendations For versions prior to 4.4.0, update to version 4.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the TIFFReadDirectory() function until a patch is available. Avoid processing untrusted TIFF files with the affected libtiff versions to minimize the risk of exploitation.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2024:2289

ALT-PU-2025-7532

ALT-PU-2025-8255

AZL-43645

AZL-45399

BDU:2023-05285

CVE-2022-40090

INFSA-2024_2289

OESA-2023-1599

RHSA-2024:2289

RHSA-2024_2289

SUSE-SU-2023:4736-1

SUSE-SU-2023:4869-1

USN-6512-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Linuxmint

Red Hat

Suse

Ubuntu

Libtiff

CVE-2022-40090

Weakness Enumeration

Related Identifiers

Affected Products

References · 50