VulnerableCode Package Details - pkg:alpm/archlinux/libtiff@4.3.0-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/libtiff@4.3.0-1

Essentials
History (9)

purl	pkg:alpm/archlinux/libtiff@4.3.0-1

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-25fx-7kmb-fqhm Aliases: CVE-2022-0924	Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4mq7-s2p6-yufr Aliases: CVE-2022-0907	Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5mak-1mkk-wkdg Aliases: CVE-2022-0561	NULL Pointer Dereference Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gmhp-4yx2-gfbv Aliases: CVE-2022-0909	Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-h6gn-kv5x-bbd5 Aliases: CVE-2022-0891	Out-of-bounds Write A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kpq7-5vsv-pucy Aliases: CVE-2022-0908	NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mhwh-tsst-cfaj Aliases: CVE-2022-22844	Out-of-bounds Read LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qsrb-hf2u-tudp Aliases: CVE-2022-0562	NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zedn-437q-47b2 Aliases: CVE-2022-0865	Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.	4.3.0-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:11.978647+00:00	Arch Linux Importer	Affected by	VCID-5mak-1mkk-wkdg	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.954408+00:00	Arch Linux Importer	Affected by	VCID-qsrb-hf2u-tudp	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.932207+00:00	Arch Linux Importer	Affected by	VCID-zedn-437q-47b2	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.910298+00:00	Arch Linux Importer	Affected by	VCID-h6gn-kv5x-bbd5	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.885456+00:00	Arch Linux Importer	Affected by	VCID-4mq7-s2p6-yufr	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.857889+00:00	Arch Linux Importer	Affected by	VCID-kpq7-5vsv-pucy	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.829980+00:00	Arch Linux Importer	Affected by	VCID-gmhp-4yx2-gfbv	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.801909+00:00	Arch Linux Importer	Affected by	VCID-25fx-7kmb-fqhm	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.772768+00:00	Arch Linux Importer	Affected by	VCID-mhwh-tsst-cfaj	https://security.archlinux.org/AVG-2658	38.0.0