CVE-2022-2058: Divide by Zero
First published: Thu Jun 30 2022(Updated: )
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/tiff | <=4.1.0+git191117-2~deb10u4 | 4.1.0+git191117-2~deb10u8 4.2.0-1+deb11u4 4.2.0-1+deb11u5 4.5.0-6+deb12u1 4.5.1+git230720-3 |
| Libtiff Libtiff | =4.4.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| IBM Cognos Analytics | <=12.0.0-12.0.3 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gitlab.com/libtiff/libtiff/-/issues/428
- https://gitlab.com/libtiff/libtiff/-/merge_requests/346
- https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
- https://security-tracker.debian.org/tracker/CVE-2022-2058
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json
- https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/
- https://security.netapp.com/advisory/ntap-20220826-0001/
- https://www.debian.org/security/2023/dsa-5333
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/
- https://www.ibm.com/support/pages/node/7177223 (Advisory)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-2058.
What is the title of the vulnerability?
The title of the vulnerability is 'Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.'
What is the severity of the vulnerability?
The severity of the vulnerability is not specified.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by using a crafted tiff file to cause a Divide By Zero error in tiffcrop, resulting in a denial-of-service condition.
How can I fix this vulnerability?
For users that compile libtiff from sources, the fix is available with commit f3a5e010.
- collector/security-tracker-debian
- agent/type
- agent/remedy
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/event
- agent/first-publish-date
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- package-manager/debian
- vendor/libtiff
- canonical/libtiff libtiff
- version/libtiff libtiff/4.4.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.3
- version/ibm cognos analytics/11.2.0-11.2.4 fp4