libtiff.so is vulnerable to an out-of-bounds read. The vulnerability exists in the DECLAREwriteFunc function in tiffcp.c because memory values can be influenced, which allows an attacker to send a crafted TIFF file, causing an application crash.
CPE

Name | Operator | Version |
---|---|---|
libtiff.so | eq | 5.4.0 |
libtiff.so | eq | 3.9.4 |
libtiff.so | eq | 5.7.0 |
libtiff.so | eq | 5.2.0 |
libtiff.so | le | 4.3.6 |
tiff:edge | eq | 4.1.0-r0 |
tiff:edge | eq | 4.2.0-r1 |
tiff:edge | eq | 4.3.0-r0 |
tiff:edge | eq | 4.2.0-r0 |
tiff:3.15 | eq | 4.3.0-r0 |

github.com/advisories/GHSA-3h8g-q3cw-mr42
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json
gitlab.com/libtiff/libtiff/-/commit/88d79a45a31c74cba98c697892fed5f7db8b963a
gitlab.com/libtiff/libtiff/-/issues/278
gitlab.com/libtiff/libtiff/-/merge_requests/311
lists.fedoraproject.org/archives/list/[email protected]/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
lists.fedoraproject.org/archives/list/[email protected]/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
security.gentoo.org/glsa/202210-10
security.netapp.com/advisory/ntap-20220506-0002/
www.debian.org/security/2022/dsa-5108