libtiff.so is vulnerable to denial of service. The vulnerability is due to memory corruption in the function _TIFFmemset
of processCropSelections
inside the tiffcrop.c
file, which allows an attacker to crash the application via a malicious tiff file.
github.com/advisories/GHSA-q8fq-52x5-p228
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json
gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
gitlab.com/libtiff/libtiff/-/issues/426
lists.debian.org/debian-lts-announce/2023/01/msg00018.html
security.netapp.com/advisory/ntap-20230110-0001/