CVE-2022-0562
Published: November 2, 2022
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
MEDIUM
CVSS v3: 5.5
CVSS v3: 5.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 24.4 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 24.4.0 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 24.3 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 24.2.1 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 24.2 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 24.1 | libtiff (4.6.0) | Not Affected | Code Not Present | 4.6.0 does not match CVE configuration. |
| 23.3 | libtiff (4.5.1) | Not Affected | Code Not Present | 4.5.1 does not match CVE configuration. |
| 23.2.1 | libtiff (4.3.0) | Resolved | Code Not Present | Patched applied from https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b |
| 23.2 | libtiff (4.3.0) | Resolved | Code Not Present | Patched applied from https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b |
| 23.1 | libtiff (4.3.0) | Resolved | Code Not Present | Patched applied from https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b |
| 22.4 | libtiff (4.3.0) | Resolved | Code Not Present | Patched applied from https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b |
| 22.3 | libtiff (4.3.0) | Resolved | patched in 84036aaa1a4de75908f031070f3383730ce25b4e | |
| 22.2 | libtiff (4.3.0) | Resolved | patched in 84036aaa1a4de75908f031070f3383730ce25b4e | |
| 22.1 | libtiff (4.0.8) | Resolved | patched in 84036aaa1a4de75908f031070f3383730ce25b4e | |
| 21.11.1 | libtiff (4.0.8) | Needs Triage | ||
| 21.11 | libtiff (4.0.8) | Needs Triage | ||
| 21.8.1 | libtiff (4.0.8) | Needs Triage | ||
| 21.8 | libtiff (4.0.8) | Needs Triage | ||
| 21.5.1 | libtiff (4.0.8) | Needs Triage | ||
| 21.5.0 | libtiff (4.0.8) | Needs Triage | ||
| 21.2.0 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.20 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.19.3667 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.18.3599 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.17 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.16.3445 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.15.3368 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.14.3263 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.13.3179 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.12.3054 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.11.3040 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.11.2990 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.10.2934 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.9.2878 | libtiff (4.0.8) | Needs Triage | ||
| 11.4.8.2822 | libtiff (4.0.8) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
LOW
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version
3.1