CVE-2022-0907

CVE-2022-0907

Name

CVE-2022-0907

Description

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.com/libtiff/libtiff/-/merge_requests/314
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
MISC	https://gitlab.com/libtiff/libtiff/-/issues/392
Third Party Advisory	https://www.debian.org/security/2022/dsa-5108
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
Third Party Advisory	https://security.netapp.com/advisory/ntap-20220506-0002/
Third Party Advisory	https://security.gentoo.org/glsa/202210-10
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/

Type

URI

MISC

https://gitlab.com/libtiff/libtiff/-/merge_requests/314

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json

MISC

https://gitlab.com/libtiff/libtiff/-/issues/392

Third Party Advisory

https://www.debian.org/security/2022/dsa-5108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/