CVE-2022-0561
MEDIUM
libtiff 3.9.0-4.3.0 - Denial of Service via TIFFFetchStripThing memcpy Null Pointer
Title source: llm
Description
A null source pointer passed as an argument to the memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions 3.9.0 to 4.3.0 could lead to Denial of Service via a crafted TIFF file. For users who compile libtiff from source, the fix is available in commit eecb0712.
References (8)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-10
Patch, Third Party Advisory
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json
Exploit, Issue Tracking, Patch, Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/362
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0001/
Scores
CVSS v3: 5.5
EPSS: 0.0006
EPSS Percentile: 18.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (7)
debian/debian_linux: 9.0
debian/debian_linux: 10.0
debian/debian_linux: 11.0
fedoraproject/fedora: 35
libtiff/libtiff: 3.9.0 - 4.3.0
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux: 8.0
Published: Feb 11, 2022
Tracked Since: Feb 18, 2026