VulnerableCode Package Details - pkg:alpm/archlinux/libtiff@4.3.0-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-as9s-4ugc-ukgy Aliases: CVE-2022-1354	Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.	There are no reported fixed by versions.
VCID-ucr1-vp5p-jqck Aliases: CVE-2022-1355	Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-as9s-4ugc-ukgy
Aliases:
CVE-2022-1354

Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

There are no reported fixed by versions.

VCID-ucr1-vp5p-jqck
Aliases:
CVE-2022-1355

Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-25fx-7kmb-fqhm	Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.	CVE-2022-0924
VCID-4mq7-s2p6-yufr	Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.	CVE-2022-0907
VCID-5mak-1mkk-wkdg	NULL Pointer Dereference Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.	CVE-2022-0561
VCID-gmhp-4yx2-gfbv	Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.	CVE-2022-0909
VCID-h6gn-kv5x-bbd5	Out-of-bounds Write A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact	CVE-2022-0891
VCID-kpq7-5vsv-pucy	NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.	CVE-2022-0908
VCID-mhwh-tsst-cfaj	Out-of-bounds Read LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.	CVE-2022-22844
VCID-qsrb-hf2u-tudp	NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.	CVE-2022-0562
VCID-zedn-437q-47b2	Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.	CVE-2022-0865

Vulnerability

Summary

Aliases

VCID-25fx-7kmb-fqhm

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

CVE-2022-0924

VCID-4mq7-s2p6-yufr

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

CVE-2022-0907

VCID-5mak-1mkk-wkdg

NULL Pointer Dereference Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.

CVE-2022-0561

VCID-gmhp-4yx2-gfbv

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

CVE-2022-0909

VCID-h6gn-kv5x-bbd5

Out-of-bounds Write A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CVE-2022-0891

VCID-kpq7-5vsv-pucy

NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

CVE-2022-0908

VCID-mhwh-tsst-cfaj

Out-of-bounds Read LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.

CVE-2022-22844

VCID-qsrb-hf2u-tudp

NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.

CVE-2022-0562

VCID-zedn-437q-47b2

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

CVE-2022-0865

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:11.982461+00:00	Arch Linux Importer	Fixing	VCID-5mak-1mkk-wkdg	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.957939+00:00	Arch Linux Importer	Fixing	VCID-qsrb-hf2u-tudp	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.935794+00:00	Arch Linux Importer	Fixing	VCID-zedn-437q-47b2	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.913766+00:00	Arch Linux Importer	Fixing	VCID-h6gn-kv5x-bbd5	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.888996+00:00	Arch Linux Importer	Fixing	VCID-4mq7-s2p6-yufr	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.861648+00:00	Arch Linux Importer	Fixing	VCID-kpq7-5vsv-pucy	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.833830+00:00	Arch Linux Importer	Fixing	VCID-gmhp-4yx2-gfbv	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.805760+00:00	Arch Linux Importer	Fixing	VCID-25fx-7kmb-fqhm	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:25:11.776608+00:00	Arch Linux Importer	Fixing	VCID-mhwh-tsst-cfaj	https://security.archlinux.org/AVG-2658	38.0.0
2026-04-01T18:24:03.572031+00:00	Arch Linux Importer	Affected by	VCID-as9s-4ugc-ukgy	https://security.archlinux.org/AVG-2721	38.0.0
2026-04-01T18:24:03.545534+00:00	Arch Linux Importer	Affected by	VCID-ucr1-vp5p-jqck	https://security.archlinux.org/AVG-2721	38.0.0