Denial of Service Vulnerability in libtiff Affecting Multiple Platforms
CVE-2022-0908

7.7HIGH

Key Information:

Vendor: Tiff Software Distribution
Status: Libtiff
Vendor: CVE Published:; 11 March 2022

🔔 Create Tiff Software Distribution Vulnerability Alert

What is CVE-2022-0908?

A vulnerability exists in libtiff that allows attackers to exploit a null source pointer passed to the memcpy() function in the TIFFFetchNormalTag() method within tif_dirread.c. By crafting a malicious TIFF file and triggering this vulnerability, an attacker can induce a denial of service condition, effectively disrupting user access to services and impacting application functionality.

Affected Version(s)

libtiff <=4.3.0

References

https://gitlab.com/libtiff/libtiff/-/issues/383

https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064...

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2022
Vulnerability Reserved
Mar 10, 2022

CVE-2022-0908 Data

JSON