CVE-2022-2058

Published: 30 June 2022

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	bionic	Released (4.0.9-5ubuntu0.7)
	focal	Released (4.1.0+git191117-2ubuntu0.20.04.5)
	impish	Ignored (reached end-of-life)
	jammy	Released (4.3.0-6ubuntu0.1)
	trusty	Released (4.0.3-7ubuntu0.11+esm4)
	upstream	Released (4.4.0-4)
	xenial	Released (4.0.6-1ubuntu0.8+esm4)
	Patches: upstream: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
https://gitlab.com/libtiff/libtiff/-/merge_requests/346
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json
https://ubuntu.com/security/notices/USN-5619-1
NVD
Launchpad
Debian

Bugs

https://gitlab.com/libtiff/libtiff/-/issues/428

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›