CVE-2022-34526: 
NixOS vulnerability analysis and mitigation

A stack overflow vulnerability was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0, identified as CVE-2022-34526. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file when parsed by the "tiffsplit" or "tiffcrop" utilities (CVE Mitre, NVD).

The vulnerability exists in the _TIFFVGetField function where a stack buffer overflow occurs during the processing of crafted TIFF files. The issue affects both the tiffsplit and tiffcrop utilities. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NetApp Advisory).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition through the processing of specially crafted TIFF files. The impact is primarily on the availability of the system, with no direct impact on confidentiality or integrity (NetApp Advisory).

Multiple vendors have released patches to address this vulnerability. Debian has fixed the issue in version 4.2.0-1+deb11u3 for the stable distribution (bullseye). NetApp has released patches for affected products including Active IQ Unified Manager for VMware vSphere and ONTAP Select Deploy administration utility (Debian Security Advisory, NetApp Advisory).