Headline
CVE-2022-0907: add checks for return value of limitMalloc (#392) (!314) · Merge requests · libtiff / libtiff · GitLab
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
Skip to content
GitLab
- GitLab: the DevOps platform
- Explore GitLab
- Install GitLab
- How GitLab compares
- Get started
- GitLab docs
- GitLab Learn
Pricing
Talk to an expert
/
Help
Help
Support
Community forum
Submit feedback
Contribute to GitLab
Switch to GitLab Next
Projects Groups Snippets
Sign up now
Login
Sign in / Register
- libtiff
- libtiff
- Merge requests
- !314
add checks for return value of limitMalloc (#392)
- Review changes
Download
Email patches
Plain diff
Merged 4ugustus requested to merge waugustus/libtiff:issue-392 into master Mar 07, 2022
- Overview 0
- Commits 1
- Pipelines 1
- Changes 1
fix the SEGV bug in tiffcrop, which is described in #392 (closed).
Closes #392 (closed)
Edited Mar 07, 2022 by 4ugustus
Related news
Ubuntu Security Notice 5523-2 - USN-5523-1 fixed several vulnerabilities in LibTIFF. This update provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 5523-1 - It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service.