CVE-2022-0562 TIFFReadDirectory() can fail with a memory corruption if a wrong source pointer is passed as an argument. This could lead to DoS.

CVE-2022-0562 TIFFReadDirectory() can fail with a memory corruption if a wrong source pointer is passed as an argument. This could lead to DoS.

libtiff's user-code is fully protected against such issues by static analyzer, thus there is no need to upgrade to latest git version of libtiff. In order to resolve this issue as quickly as possible, a patch has been submitted upstream. There is no fix for this issue in Debian/Ubuntu packages yet. - CVE-2017-6410 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.3.0 does not handle NULL source pointer passed as the first argument. A remote attacker could exploit this vulnerability to cause denial-of-service via crafted TIFF file. - CVE-2017-6411 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.3.0 does not check for NULL source pointer passed as the first argument. A remote attacker could exploit this vulnerability to cause denial-of-service via crafted TIFF file. - CVE-2017-6412 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.3.0 does not validate the second argument passed to the function. A remote attacker could exploit this vulnerability to cause denial-of-service via crafted TIFF file. - CVE-2017-6413 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.

Debian-specific notes

The first two issues are indeed fixed in the latest git version of libtiff.

References: https://github.com/libtiff/libtiff/commit/cfecc8f7c1d87b27db6bafff2bc9aedd6e9d3bf

https://github.com/libtiff/libtiff/commit/4eaec4b0173de9601f908d42ef48e4477ba21b6

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe