CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
References
Link Resource
https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html Mitigation Third Party Advisory
https://bugs.gentoo.org/859433 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:libtiff:libtiff:4.0.3-35:*:*:*:*:*:*:*
cpe:2.3:o:amazon:linux_2:-:*:*:*:*:*:*:*

Information

Published : 2022-07-19 13:15

Updated : 2022-09-23 08:19


NVD link : CVE-2022-34266

Mitre link : CVE-2022-34266


JSON object : View

CWE
CWE-908

Use of Uninitialized Resource

Advertisement

dedicated server usa

Products Affected

amazon

  • linux_2

libtiff

  • libtiff