CVE-2022-1056

CVE	CVE-2022-1056
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-28 19:15:00 UTC
Updated	2023-02-22 17:35:00 UTC
Description	Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

Problem Types: CWE-125

Type	Vendor	Product	Version	Update	Edition	Language
Application	Libtiff	Libtiff	4.3.0	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All

Reference	Source	Link	Tags
2022/CVE-2022-1056.json · master · GitLab.org / cves · GitLab	CONFIRM	gitlab.com
April 2022 LibTIFF Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
LibTIFF: Multiple Vulnerabilities (GLSA 202210-10) — Gentoo security	GENTOO	security.gentoo.org
tiffcrop: heap-buffer-overflow in _TIFFmemcpy, tif_unix.c:346 (#391) · Issues · libtiff / libtiff · GitLab	MISC	gitlab.com
tiffcrop: fix issue #380 and #382 heap buffer overflow in extractImageSection (!307) · Merge requests · libtiff / libtiff · GitLab	MISC	gitlab.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

LEGACY: [email protected]

184742 Debian Security Update for tiff (CVE-2022-1056)
354326 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-194
354416 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-094
354431 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-183
354588 Amazon Linux Security Advisory for libtiff : ALAS-2022-194
355159 Amazon Linux Security Advisory for libtiff : ALAS2023-2023-050
710659 Gentoo Linux LibTIFF Multiple Vulnerabilities (GLSA 202210-10)
752138 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:1667-1)
752188 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:1882-1)
901721 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (9187-1)