Описание
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 4.0.9-5ubuntu0.5 |
| devel | not-affected | 4.3.0-4 |
| esm-infra-legacy/trusty | released | 4.0.3-7ubuntu0.11+esm1 |
| esm-infra/bionic | released | 4.0.9-5ubuntu0.5 |
| esm-infra/focal | released | 4.1.0+git191117-2ubuntu0.20.04.3 |
| esm-infra/xenial | released | 4.0.6-1ubuntu0.8+esm1 |
| focal | released | 4.1.0+git191117-2ubuntu0.20.04.3 |
| impish | released | 4.3.0-1ubuntu0.1 |
| jammy | not-affected | 4.3.0-4 |
| kinetic | not-affected | 4.3.0-4 |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
Уязвимость функции TIFFFetchStripThing() библиотеки LibTIFF операционных систем Amazon Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3