CVE-2022-0562
libtiff: Null source pointer lead to Denial of Service via crafted TIFF file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Un puntero fuente null pasado como argumento a la función memcpy() dentro de TIFFReadDirectory() en tif_dirread.c en libtiff versiones desde la 4.0 hasta 4.3.0, podría conllevar a una denegación de servicio por medio de un archivo TIFF diseñado. Para usuarios que compilan libtiff a partir de las fuentes, una corrección está disponible con el commit 561599c
A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy() function within the TIFFReadDirectory() in tif_dirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service.
Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Issues addressed include bypass and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-10 CVE Reserved
- 2022-02-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20220318-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/issues/362 | 2024-08-02 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | >= 4.0.0 <= 4.3.0 Search vendor "Libtiff" for product "Libtiff" and version " >= 4.0.0 <= 4.3.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||