Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources a fix is available with commit 561599c.

🗓️ 18 Feb 2022 08:00:00Reported by MicrosoftType

Null pointer to memcpy in TIFFReadDirectory (libtiff 4.0–4.3.0) causes denial of service from crafted TIFF files; fix via commit 561599c.

Reporter	Title	Published	Views	Family All 211
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	30 Jan 202316:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0562	1 Dec 202217:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	2 Feb 202303:37	–	ibm
ATTACKERKB	CVE-2022-34266	19 Jul 202220:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : libtiff, libtiff-devel, libtiff-static (ALAS2022-2022-049)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : libtiff, libtiff-devel, libtiff-static (ALAS2022-2022-194)	4 Nov 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-050)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libtiff (ALAS-2022-1799)	7 Jun 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libtiff (ALAS-2022-1814)	15 Jul 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libtiff (ALAS-2022-1625)	5 Aug 202200:00	–	nessus