Your submission was sent successfully! Close

CVE-2022-1056

Published: 28 March 2022

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

Notes

AuthorNote
ccdm94
the fix for this CVE seems to be the same as the fix for
CVE-2022-0891.
Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
bionic
Released (4.0.9-5ubuntu0.5)
focal
Released (4.1.0+git191117-2ubuntu0.20.04.3)
impish
Released (4.3.0-1ubuntu0.1)
jammy Not vulnerable
(4.3.0-6)
trusty
Released (4.0.3-7ubuntu0.11+esm1)
upstream
Released (4.4.0, 4.3.0-6)
xenial
Released (4.0.6-1ubuntu0.8+esm1)
Patches:
upstream: https://gitlab.com/libtiff/libtiff/-/commit/46dc8fcd4d38c3b6f35ab28e532aee80e6f609d6