CVE-2022-0865

CVE-2022-0865

Name

CVE-2022-0865

Description

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.com/libtiff/libtiff/-/issues/385
MISC	https://gitlab.com/libtiff/libtiff/-/merge_requests/306
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
Third Party Advisory	https://www.debian.org/security/2022/dsa-5108
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
Third Party Advisory	https://security.gentoo.org/glsa/202210-10
Third Party Advisory	https://security.netapp.com/advisory/ntap-20221228-0008/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/

Type

URI

MISC

https://gitlab.com/libtiff/libtiff/-/issues/385

MISC

https://gitlab.com/libtiff/libtiff/-/merge_requests/306

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json

Third Party Advisory

https://www.debian.org/security/2022/dsa-5108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/