CVE-2022-0865 tiffcp in libtiff 4.3.0 has a reachable assertion that can cause a denial of service.

libtiff versions 4.2.1 and below are vulnerable to a Denial of Service (DoS) vulnerability. This could result in a crash of libtiff if a malformed TIFF file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service. libtiff is a library that converts image formats between each other. It is commonly used by tools such as viewers.

Vulnerability overview

Libtiff versions 4.2.1 and below are vulnerable to a Denial of Service (DoS) vulnerability. This could result in a crash of libtiff if a malformed tiff file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service, resulting in loss of service for users relying on the affected software for security-critical operations.

Vulnerability summary

CVE-2022-0865 is a vulnerability in the libtiff library. It affects any version of the libtiff library prior to 4.2.1, which was released on January 13, 2016.
A malformed tiff file can cause a crash of libtiff, resulting in a Denial of Service (DoS) because it will try to process an invalid data packet.
CVE-2022-0865 is rated as having moderate severity and affects only 32 platforms out of a total of 300 vulnerable platforms from the National Vulnerability Database (NVD).

Affected Packages: libtiff versions 4.2.1 and below are vulnerable to a Denial of Service (DoS) vulnerability. This could result in a crash of libtiff if a malformed TIFF file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service. libtiff is a library that converts image formats between each other. It is commonly used by tools such as viewers and readers, and by open-source software developers, programmers, graphic designers, coders, web designers and web developers, for the purpose of manipulating raster graphics images.

Products and versions affected

CVE-2022-0865 refers to the vulnerability in the libtiff library that could result in a Denial of Service (DoS) if a malformed TIFF file is processed by the library. This may allow an attacker to cause libtiff to crash and possibly result in a Denial of Service.
libtiff is a library that converts image formats between each other and is commonly used by tools such as viewers, readers, and more. It is vulnerable from version 4.2.1 on.
