CVE-2022-0909

Published: 11 March 2022

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release status:
bionic: Released (4.0.9-5ubuntu0.6)
focal: Released (4.1.0+git191117-2ubuntu0.20.04.4)
impish: Ignored (reached end-of-life)
jammy: Not vulnerable (4.3.0-6)
kinetic: Not vulnerable (4.4.0~rc1-1)
trusty: Released (4.0.3-7ubuntu0.11+esm2)
upstream: Released (4.4.0, 4.3.0-6)
xenial: Released (4.0.6-1ubuntu0.8+esm2)

Patches:
upstream: https://gitlab.com/libtiff/libtiff/-/commit/f8d0f9aa1ba04c9ae3bfe869a18141a8b8117ad7