Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/libtiff@4.0.9-23?arch=el8
purl pkg:rpm/redhat/libtiff@4.0.9-23?arch=el8
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-25fx-7kmb-fqhm
Aliases:
CVE-2022-0924
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. There are no reported fixed by versions.
VCID-5mak-1mkk-wkdg
Aliases:
CVE-2022-0561
NULL Pointer Dereference Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file. There are no reported fixed by versions.
VCID-gmhp-4yx2-gfbv
Aliases:
CVE-2022-0909
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. There are no reported fixed by versions.
VCID-h6gn-kv5x-bbd5
Aliases:
CVE-2022-0891
Out-of-bounds Write A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact There are no reported fixed by versions.
VCID-kpq7-5vsv-pucy
Aliases:
CVE-2022-0908
NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. There are no reported fixed by versions.
VCID-mhwh-tsst-cfaj
Aliases:
CVE-2022-22844
Out-of-bounds Read LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field. There are no reported fixed by versions.
VCID-qsrb-hf2u-tudp
Aliases:
CVE-2022-0562
NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file. There are no reported fixed by versions.
VCID-ucr1-vp5p-jqck
Aliases:
CVE-2022-1355
Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service. There are no reported fixed by versions.
VCID-zedn-437q-47b2
Aliases:
CVE-2022-0865
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:00:36.856603+00:00 RedHat Importer Affected by VCID-mhwh-tsst-cfaj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json 38.0.0
2026-04-01T13:59:40.393396+00:00 RedHat Importer Affected by VCID-qsrb-hf2u-tudp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json 38.0.0
2026-04-01T13:59:40.347236+00:00 RedHat Importer Affected by VCID-5mak-1mkk-wkdg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json 38.0.0
2026-04-01T13:59:31.545547+00:00 RedHat Importer Affected by VCID-h6gn-kv5x-bbd5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json 38.0.0
2026-04-01T13:59:29.849295+00:00 RedHat Importer Affected by VCID-zedn-437q-47b2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json 38.0.0
2026-04-01T13:59:15.914771+00:00 RedHat Importer Affected by VCID-25fx-7kmb-fqhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json 38.0.0
2026-04-01T13:59:15.867991+00:00 RedHat Importer Affected by VCID-gmhp-4yx2-gfbv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json 38.0.0
2026-04-01T13:59:15.822417+00:00 RedHat Importer Affected by VCID-kpq7-5vsv-pucy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json 38.0.0
2026-04-01T13:58:57.356804+00:00 RedHat Importer Affected by VCID-ucr1-vp5p-jqck https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json 38.0.0