CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34266
https://notcve.org/view.php?id=CVE-2022-34266
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. El paquete libtiff versión 4.0.3-35.amzn2.0.1 para LibTIFF en Amazon Linux 2 permite a los atacantes causar una denegación de servicio (bloqueo de la aplicación), una vulnerabilidad diferente a CVE-2022-0562. Cuando es procesado un archivo TIFF malicioso, puede pasarse un rango no válido como argumento a la función memset() dentro de TIFFFetchStripThing() en tif_dirread.c. • https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html https://bugs.gentoo.org/859433 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1623
https://notcve.org/view.php?id=CVE-2022-1623
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:624, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff desde las fuentes, la corrección está disponible con el commit b4e79bfa • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK https://security.gentoo.org/glsa/202210-10 https://security.net • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-1622
https://notcve.org/view.php?id=CVE-2022-1622
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit b4e79bfa • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.o • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1210 – LibTIFF tiff2ps resource consumption
https://notcve.org/view.php?id=CVE-2022-1210
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. • https://gitlab.com/libtiff/libtiff/-/issues/402 https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20220513-0005 https://vuldb.com/?id.196363 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1056
https://notcve.org/view.php?id=CVE-2022-1056
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. Un error de lectura fuera de límites en tiffcrop en libtiff versión 4.3.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit 46dc8fcd • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json https://gitlab.com/libtiff/libtiff/-/issues/391 https://gitlab.com/libtiff/libtiff/-/merge_requests/307 https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20221228-0008 • CWE-125: Out-of-bounds Read •