Description
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Published: 2022-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-2932-1 tiff security update
Debian DSA Debian DSA DSA-5108-1 tiff security update
EUVD EUVD EUVD-2022-15681 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Ubuntu USN Ubuntu USN USN-5421-1 LibTIFF vulnerabilities
History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00028}

 epss

{'score': 0.00047}

Subscriptions

Debian Debian Linux
Fedoraproject Fedora
Libtiff Libtiff
Netapp Ontap Select Deploy Administration Utility
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2024-08-02T23:32:46.296Z

Reserved: 2022-02-10T00:00:00.000Z

Link: CVE-2022-0562

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-11T18:15:11.083

Modified: 2024-11-21T06:38:55.367

Link: CVE-2022-0562

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-02-11T00:00:00Z

Links: CVE-2022-0562 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses