Description
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| TIFF Software Distribution | libtiff | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | |||
| libtiff-0:4.0.9-23.el8 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2022:7585 | 2022-11-08T00:00:00Z |
| Red Hat Enterprise Linux 9 | |||
| libtiff-0:4.4.0-2.el9 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2022:8194 | 2022-11-15T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-5108-1 | tiff security update |
 EUVD |
EUVD-2022-15938 | Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. |
 Ubuntu USN |
USN-5523-1 | LibTIFF vulnerabilities |
| Ubuntu USN |
USN-5523-2 | LibTIFF vulnerabilities |
References
History
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published:
Updated: 2024-08-02T23:47:42.818Z
Reserved: 2022-03-10T00:00:00.000Z
Link: CVE-2022-0908
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-11T18:15:27.077
Modified: 2024-11-21T06:39:38.823
Link: CVE-2022-0908
Redhat
OpenCVE Enrichment
No data.
Weaknesses