Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0561

Опубликовано: 11 фев. 2022
Источник: redhat
CVSS3: 5.5

Описание

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy() function within the TIFFFetchStripThing() in tif_dirread.c. This flaw allows an attacker with a crafted TIFF file to exploit this flaw, causing a crash and leading to a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libtiffNot affected
Red Hat Enterprise Linux 7compat-libtiff3Not affected
Red Hat Enterprise Linux 7libtiffOut of support scope
Red Hat Enterprise Linux 8compat-libtiff3Not affected
Red Hat Enterprise Linux 8libtiffFixedRHSA-2022:758508.11.2022
Red Hat Enterprise Linux 9libtiffFixedRHSA-2022:819415.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2054494libtiff: Denial of Service via crafted TIFF file

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-0561

CVSS3: 5.5
ubuntu
почти 4 года назад

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

nvd логотип

CVE-2022-0561

CVSS3: 5.5
nvd
почти 4 года назад

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

msrc логотип

CVE-2022-0561

CVSS3: 5.5
msrc
почти 4 года назад

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources the fix is available with commit eecb0712.

debian логотип

CVE-2022-0561

CVSS3: 5.5
debian
почти 4 года назад

Null source pointer passed as an argument to memcpy() function within ...

github логотип

GHSA-g7mf-pj82-5qhj

CVSS3: 5.5
github
почти 4 года назад

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

5.5 Medium

CVSS3