CVE-2022-0908

Published: 11 March 2022

A null source pointer passed as an argument to the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to a denial of service via a crafted TIFF file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (4.0.9-5ubuntu0.6)
focal      Released (4.1.0+git191117-2ubuntu0.20.04.4)
impish     Ignored (reached end-of-life)
jammy      Not vulnerable (4.3.0-6)
trusty     Released (4.0.3-7ubuntu0.11+esm2)
upstream   Released (4.4.0, 4.3.0-6)
xenial     Released (4.0.6-1ubuntu0.8+esm2)

Patches:
upstream: https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85