CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
References
Link Resource
https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html Mitigation Third Party Advisory
https://bugs.gentoo.org/859433 Third Party Advisory
Configurations

Configuration 1


Information

Published : 2022-07-19 08:15

Updated : 2022-09-23 03:19


NVD link : CVE-2022-34266

Mitre link : CVE-2022-34266

Products Affected
No products.
CWE