CVE-2022-0561

NameCVE-2022-0561
DescriptionNull source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2932-1, DSA-5108-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tiff (PTS)stretch4.0.8-2+deb9u5vulnerable
stretch (security)4.0.8-2+deb9u8fixed
buster4.1.0+git191117-2~deb10u3vulnerable
buster (security)4.1.0+git191117-2~deb10u4fixed
bullseye4.2.0-1vulnerable
bullseye (security)4.2.0-1+deb11u1fixed
bookworm, sid4.4.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tiffsourcestretch4.0.8-2+deb9u8DLA-2932-1
tiffsourcebuster4.1.0+git191117-2~deb10u4DSA-5108-1
tiffsourcebullseye4.2.0-1+deb11u1DSA-5108-1
tiffsource(unstable)4.3.0-4

Notes

https://gitlab.com/libtiff/libtiff/-/issues/362
Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef

Search for package or bug name: Reporting problems