Candidate: CVE-2022-22844
PublicDate: 2022-01-10 14:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
 https://gitlab.com/libtiff/libtiff/-/merge_requests/287
Description:
 LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in
 certain situations involving a custom tag and 0x0200 as the second word of
 the DE field.
Ubuntu-Description:
Notes:
 mdeslaur> this is only a DoS in the tiffset command-line tool
Mitigation:
Bugs:
 https://gitlab.com/libtiff/libtiff/-/issues/355
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_tiff:
 upstream: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64
upstream_tiff: released (4.3.0-3)
trusty/esm_tiff: needs-triage
esm-infra/xenial_tiff: needs-triage
trusty_tiff: ignored (out of standard support)
xenial_tiff: ignored (out of standard support)
bionic_tiff: needed
focal_tiff: needed
hirsute_tiff: ignored (reached end-of-life)
impish_tiff: needed
jammy_tiff: not-affected (4.3.0-4)
devel_tiff: not-affected (4.3.0-4)