The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
References
Link | Resource |
---|---|
https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html | Mitigation Third Party Advisory |
https://bugs.gentoo.org/859433 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-07-19 13:15
Updated : 2022-09-23 08:19
NVD link : CVE-2022-34266
Mitre link : CVE-2022-34266
JSON object : View
CWE
CWE-908
Use of Uninitialized Resource
Products Affected
amazon
- linux_2
libtiff
- libtiff