Summaryinfo

A vulnerability identified as problematic has been detected in LibTIFF 4.3.0. This affects an unknown function of the component tiffcrop. Performing a manipulation results in divide by zero. This vulnerability was named CVE-2022-0909. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

Detailsinfo

A vulnerability, which was classified as problematic, was found in LibTIFF 4.3.0 (Image Processing Software). This affects some unknown functionality of the component tiffcrop. The manipulation with an unknown input leads to a divide by zero vulnerability. CWE is classifying the issue as CWE-369. The product divides a value by zero. This is going to have an impact on availability.

The weakness was presented 03/11/2022 as 393. It is possible to read the advisory at gitlab.com. This vulnerability is uniquely identified as CVE-2022-0909 since 03/10/2022. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

The vulnerability scanner Nessus provides a plugin with the ID 274520 (Oracle Linux 8 : mingw-libtiff (ELSA-2025-19906)), which helps to determine the existence of the flaw in a target environment.

Applying a patch is able to eliminate this problem.

The vulnerability is also documented in the databases at Tenable (274520) and EUVD (EUVD-2022-15939). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Image Processing Software

Name

• LibTIFF

Version

• 4.3.0

License

• open-source

Website

• Product: http://www.libtiff.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion