Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
References
Link | Resource |
---|---|
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef | Patch Third Party Advisory |
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json | Third Party Advisory |
https://gitlab.com/libtiff/libtiff/-/issues/362 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/ | |
https://security.gentoo.org/glsa/202210-10 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220318-0001/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5108 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2022-02-11T00:00:00
Updated: 2022-10-31T00:00:00
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-0561
JSON object: View
NVD Information
Status : Modified
Published: 2022-02-11T18:15:11.033
Modified: 2023-11-07T03:41:23.230
Link: CVE-2022-0561
JSON object: View
Redhat Information
No data.
CWE