← back
CVE-2022-0561

CVE-2022-0561

CVSS 5.5 MEDIUMEPSS 1.3%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Feb 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
libtiff · libtiff

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdefhttps://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.jsonhttps://gitlab.com/libtiff/libtiff/-/issues/362https://lists.debian.org/debian-lts-announce/2022/03/msg00001.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/https://security.gentoo.org/glsa/202210-10https://security.netapp.com/advisory/ntap-20220318-0001/https://www.debian.org/security/2022/dsa-5108