CVE-2022-0561
Description
A null source pointer passed as an argument to the memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions 3.9.0 through 4.3.0 could lead to denial of service via a crafted TIFF file. For users who compile libtiff from source, the fix is available in commit eecb0712.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.101
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-32bit-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-debuginfo-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-debuginfo-32bit-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) tiff-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) tiff-debuginfo-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1667-1 (SUSE Linux Enterprise Server 12-SP5) tiff-debugsource-4.0.9-44.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-4.0.9-44.56.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-32bit-4.0.9-44.56.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-debuginfo-4.0.9-44.56.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) libtiff5-debuginfo-32bit-4.0.9-44.56.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) tiff-4.0.9-44.56.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) tiff-debuginfo-4.0.9-44.56.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3679-1 (SUSE Linux Enterprise Server 12-SP5) tiff-debugsource-4.0.9-44.56.1.x86_64.rpm | Linux |
| (RHSA-2022:7585) libtiff security update libtiff-4.0.9-23.el8.i686.rpm | Linux |
| (RHSA-2022:7585) libtiff security update libtiff-4.0.9-23.el8.x86_64.rpm | Linux |
| (RHSA-2022:7585) libtiff security update libtiff-debugsource-4.0.9-23.el8.i686.rpm | Linux |
| (RHSA-2022:7585) libtiff security update libtiff-debugsource-4.0.9-23.el8.x86_64.rpm | Linux |
| (RHSA-2022:7585) libtiff security update libtiff-devel-4.0.9-23.el8.i686.rpm | Linux |
| (RHSA-2022:7585) libtiff security update libtiff-devel-4.0.9-23.el8.x86_64.rpm | Linux |
| SUSE-SU-2022:3690-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libtiff5-debuginfo-4.0.9-150000.45.16.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234