libtiff versions 4.2.1 and below are vulnerable to a Denial of Service (DoS) vulnerability. This could result in a crash of libtiff if a malformed tiff file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service. libtiff is a library that converts image formats between each other. It is commonly used by tools such as viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers
Vulnerability overview
Libtiff versions 4.2.1 and below are vulnerable to a Denial of Service (DoS) vulnerability. This could result in a crash of libtiff if a malformed tiff file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service, resulting in loss of service for users relying on the affected software for security-critical operations.
Vulnerability summary
CVE-2022-0865 is a vulnerability in the libtiff library. It affects any version of the libtiff library prior to 4.2.1, which was released on January 13, 2016.
A malformed tiff file can cause a crash of libtiff, resulting in a Denial of Service (DoS) because it will try to process an invalid data packet.
CVE-2022-0865 is rated as having moderate severity and affects only 32 platforms out of a total of 300 vulnerable platforms from the National Vulnerability Database (NVD).
Affected Packages: libtiff versions 4.2.1 and below are vulnerable to a Denial of Service (DoS) vulnerability. This could result in a crash of libtiff if a malformed tiff file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service. libtiff is a library that converts image formats between each other. It is commonly used by tools such as viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, readers, readers, readers, readers, readers, readers, readers, users open-source software developers programmers graphic designers coders web designers web developers for the purpose of manipulating raster graphics images
Products and versions affected
CVE-2022-0865 is referring to the vulnerability in the libtiff library that could result in a Denial of Service (DoS) if a malformed tiff file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service.
libtiff is a library that converts image formats between each other and is commonly used by tool such as viewers, viewers, viewers, viewers, viewers, viewers, viewers, viewers, readers, and more. It is vulnerable from version 4.2.1 on.
Timeline
Published on: 03/10/2022 17:44:00 UTC
Last modified on: 04/18/2022 18:48:00 UTC
References
- https://gitlab.com/libtiff/libtiff/-/issues/385
- https://gitlab.com/libtiff/libtiff/-/merge_requests/306
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
- https://www.debian.org/security/2022/dsa-5108
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0865