CVE-2022-0924

Published: 11 March 2022

An out-of-bounds read in tiffcp in libtiff 4.3.0 allows attackers to cause a denial of service via a crafted TIFF file. For users who compile libtiff from source, the fix is available in commit 408976c4.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (4.0.9-5ubuntu0.6)
focal      Released (4.1.0+git191117-2ubuntu0.20.04.4)
impish     Ignored (reached end-of-life)
jammy      Not vulnerable (4.3.0-6)
trusty     Released (4.0.3-7ubuntu0.11+esm2)
upstream   Released (4.4.0, 4.3.0-6)
xenial     Released (4.0.6-1ubuntu0.8+esm2)

Patches:
upstream: https://gitlab.com/libtiff/libtiff/-/commit/408976c44ef0aad975e0d1b6c6dc80d60f9dc665