CVE-2022-0562

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0562
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0562.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0562
Downstream
Related
Published
2022-02-11T18:15:11Z
Modified
2025-10-14T19:00:13.924481Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

References

Affected packages

Git / gitlab.com/gitlab-org/build/omnibus-mirror/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
561599c99f987dc32ae110370cfdd7df7975586b
Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
f7b79dc7dc86ccbaabe9882e2b9ffa5ee8dac917

Affected versions

Other

Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6
Release-v4-0-7
Release-v4-0-8
Release-v4-0-9

v3.*

v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2

v4.*

v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1
v4.5.0
v4.5.0rc1
v4.5.0rc2
v4.5.0rc3
v4.5.1
v4.5.1rc1
v4.5.1rc2
v4.5.1rc3
v4.6.0
v4.6.0rc1
v4.6.0rc2
v4.7.0
v4.7.0rc1
v4.7.0rc2
v4.7.1
v4.7.1rc1

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-0562-5e6decd3",
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_dirread.c",
                "function": "TIFFReadDirectory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 17287.0,
                "function_hash": "129003738256904974434032312831734533679"
            },
            "deprecated": false,
            "source": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff@561599c99f987dc32ae110370cfdd7df7975586b"
        },
        {
            "id": "CVE-2022-0562-acf8b664",
            "signature_type": "Line",
            "target": {
                "file": "libtiff/tif_dirread.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "222657081805446374098817547520940382651",
                    "46343763023096549359691253295778653557",
                    "8490074471616727942160351420981319456",
                    "262687486300517843764821785466064460"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff@561599c99f987dc32ae110370cfdd7df7975586b"
        }
    ]
}