libtiff.so is vulnerable to denial of service attacks. The vulnerability exists in the LZWDecode
function the tif_lzw.c
which allows a malicious user to cause denial-of-service conditions via an out-of-bounds read through a crafted tiff
file.
CPE | Name | Operator | Version |
---|---|---|---|
libtiff.so | le | 5.7.0 | |
libtiff.so | le | 5.7.0 |
http:
seclists.org/fulldisclosure/2022/Oct/41
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json
gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
gitlab.com/libtiff/libtiff/-/issues/410
lists.fedoraproject.org/archives/list/[email protected]/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/
lists.fedoraproject.org/archives/list/[email protected]/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/
security.netapp.com/advisory/ntap-20220616-0005/
support.apple.com/kb/HT213443
support.apple.com/kb/HT213444
support.apple.com/kb/HT213446
support.apple.com/kb/HT213486
support.apple.com/kb/HT213487
support.apple.com/kb/HT213488