CVE-2022-0908
tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Un puntero fuente Null pasado como argumento a la función memcpy() dentro de la función TIFFFetchNormalTag () en el archivo tif_dirread.c en libtiff versiones hasta 4.3.0, podría conllevar a una Denegación de Servicio por medio de un archivo TIFF diseñado
A flaw was found in LibTIFF where a NULL source pointer passed as an argument to the memcpy() function within the TIFFFetchNormalTag() in tif_dirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service.
An update that fixes 8 vulnerabilities is now available. This update for tiff fixes the following issues. Fixed null source pointer passed as an argument to memcpy within TIFFFetchStripThing in tif_dirread.c. Fixed null source pointer passed as an argument to memcpy within TIFFReadDirectory in tif_dirread.c. Fixed assertion failure in TIFFReadAndRealloc. Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file. Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file. Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag. Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file. Fixed heap buffer overflow in extractImageSection.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-10 CVE Reserved
- 2022-03-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2025-07-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20220506-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/issues/383 | 2024-08-02 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | <= 4.3.0 Search vendor "Libtiff" for product "Libtiff" and version " <= 4.3.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||