CVE-2022-4645
03.03.2023, 16:15
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libtiff | libtiff | 3.5.1 ≤ 𝑥 ≤ 4.4.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| libtiff |
| ||
| libtiff-debuginfo |
| ||
| libtiff-debugsource |
| ||
| libtiff-devel |
| ||
| libtiff-static |
| ||
| libtiff-tools |
| ||
| libtiff-tools-debuginfo |
|
Azure Linux Releases
Common Weakness Enumeration
References