CVE-2022-0561 — MEDIUM (5.5)

Q: How severe is CVE-2022-0561?

CVE-2022-0561 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-0561?

Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux, Netapp Ontap Select Deploy Administration Utility.

Vulnerability Description

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libtiff	Libtiff	>= 3.9.0, <= 4.3.0
Redhat	Enterprise Linux	8.0
Fedoraproject	Fedora	35
Debian	Debian Linux	9.0
Netapp	Ontap Select Deploy Administration Utility	-

Related Weaknesses (CWE)

CWE-476

References

https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0PatchThird Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.jsonThird Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/362ExploitIssue TrackingPatch
https://lists.debian.org/debian-lts-announce/2022/03/msg00001.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202210-10Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0001/Third Party Advisory
https://www.debian.org/security/2022/dsa-5108Third Party Advisory
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0PatchThird Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.jsonThird Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/362ExploitIssue TrackingPatch
https://lists.debian.org/debian-lts-announce/2022/03/msg00001.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202210-10Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0001/Third Party Advisory

FAQ

What is CVE-2022-0561?

CVE-2022-0561 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF fi...

How severe is CVE-2022-0561?

CVE-2022-0561 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0561?

Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux, Netapp Ontap Select Deploy Administration Utility.