Vulnerability CVE-2022-2058: Information
Description
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| libtiff | sisyphus | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-3360-1 | 311934 | Fixed |
| libtiff | sisyphus_e2k | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-7474-1 | - | Fixed |
| libtiff | sisyphus_riscv64 | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-7483-1 | - | Fixed |
| libtiff | p10 | 4.4.0-alt2 | 4.4.0-alt2 | ALT-PU-2022-3428-1 | 311968 | Fixed |
| libtiff | p10_e2k | 4.4.0-alt2 | 4.4.0-alt2 | ALT-PU-2022-7593-1 | - | Fixed |
| libtiff | c10f1 | 4.4.0-alt2 | 4.4.0-alt2 | ALT-PU-2022-3428-1 | 311968 | Fixed |
| libtiff | p11 | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-3360-1 | 311934 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json |
|
| https://gitlab.com/libtiff/libtiff/-/merge_requests/346 |
|
| https://gitlab.com/libtiff/libtiff/-/issues/428 |
|
| https://security.netapp.com/advisory/ntap-20220826-0001/ |
|
| [debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update |
|
| DSA-5333 |
|
| FEDORA-2022-edf7301147 | |
| FEDORA-2022-b9c2a3a2b7 |