Vulnerabilities > CVE-2022-0907 - Unchecked Return Value vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2022-03-11

Updated: 2023-11-07

Summary

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

Vulnerable Configurations

Part	Description	Count
Application	Libtiff Libtiff Libtiff 4.3.0	1
Application	Netapp Netapp Ontap Select Deploy Administration Utility -	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2
OS	Fedoraproject Fedoraproject Fedora 35 Fedoraproject Fedora 36	2

Common Weakness Enumeration (CWE)

CWE-252 - Unchecked Return Value

References

https://gitlab.com/libtiff/libtiff/-/merge_requests/314
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
https://gitlab.com/libtiff/libtiff/-/issues/392
https://www.debian.org/security/2022/dsa-5108
https://security.netapp.com/advisory/ntap-20220506-0002/
https://security.gentoo.org/glsa/202210-10
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/