
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability was discovered in LibTIFF 4.3.0, specifically affecting the TIFF File Handler of tiff2ps. The issue was disclosed on April 3, 2022, and is tracked as CVE-2022-1210. The vulnerability affects the file conversion functionality when processing TIFF files to PostScript format (NVD, Gitlab Issue).
The vulnerability is caused by an incorrect memory size request in the tiff2ps conversion process. When attempting to allocate memory, the system requests an excessive amount (0x2000000000 bytes), leading to an out-of-memory condition. The issue has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability leads to a denial of service condition. The attack can be triggered remotely but requires user interaction, specifically when attempting to convert a maliciously crafted TIFF file to PostScript format (NVD).
The vulnerability has been addressed in LibTIFF version 4.4.0. Users are advised to upgrade to this version or later. For Gentoo users, the fix is available through package update to media-libs/tiff-4.4.0 or later versions (Gentoo Advisory).
Various organizations have responded to this vulnerability. NetApp has issued an advisory (NTAP-20220513-0005) for their affected products, specifically the ONTAP Select Deploy administration utility (NetApp Advisory).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."