Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Redhat
  • Enterprise Linux
Netapp
  • Ontap Select Deploy Administration Utility
Fedoraproject
  • Fedora
Debian
  • Debian Linux
Libtiff
  • Libtiff

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
References
Link Resource
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef Patch Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/362 Exploit Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/
https://security.gentoo.org/glsa/202210-10 Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0001/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5108 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2022-02-11T00:00:00

Updated: 2022-10-31T00:00:00

Reserved: 2022-02-10T00:00:00

Link: CVE-2022-0561

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2022-02-11T18:15:11.033

Modified: 2023-11-07T03:41:23.230

Link: CVE-2022-0561

JSON object: View

cve-icon Redhat Information

No data.

CWE