CVE-2022-1623Out-of-bounds Read in Tiff

CWE-125Out-of-bounds Read6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 43.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian TiffLibtiffDebian Linux+2 more
Timeline
PublishedMay 11
Latest updateMay 12

Description

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5libtiff/libtiff3079627ea0dee150e6a208cec8381de611bb842b
NVDlibtiff/libtiff4.3.0
debiandebian/tiff< tiff 4.4.0~rc1-1 (bookworm)

Also affects: Debian Linux 11.0, Fedora 35, 36

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

2
GHSA
GHSA-rc2g-jmfp-rfgf: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw2022-05-12
OSV
CVE-2022-1623: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw2022-05-11

📋Vendor Advisories

3
Red Hat
libtiff: out-of-bounds read in LZWDecode2022-05-11
Microsoft
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sourc2022-05-10
Debian
CVE-2022-1623: tiff - LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw....2022
CVE-2022-1623 — Out-of-bounds Read in Debian Tiff | cvebase