Candidate: CVE-2022-0561
PublicDate: 2022-02-11 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json
Description:
 Null source pointer passed as an argument to memcpy() function within
 TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to
 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that
 compile libtiff from sources, the fix is available with commit eecb0712.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://gitlab.com/libtiff/libtiff/-/issues/362
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_tiff:
 upstream: https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
upstream_tiff: released (4.3.0-4)
trusty/esm_tiff: needs-triage
esm-infra/xenial_tiff: needs-triage
trusty_tiff: ignored (out of standard support)
xenial_tiff: ignored (out of standard support)
bionic_tiff: needed
focal_tiff: needed
impish_tiff: needed
jammy_tiff: not-affected (4.3.0-4)
devel_tiff: not-affected (4.3.0-4)