CVE-2022-2867Integer Underflow (Wrap or Wraparound) in Libtiff

CWE-191Integer Underflow (Wrap or Wraparound)CWE-125Out-of-bounds ReadCWE-787Out-of-bounds WriteCWE-79Cross-site Scripting12 documents9 sources
Severity
5.5MEDIUMNVD
OSV6.5
EPSS
0.0%
top 96.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
LibtiffDebian TiffDebian Linux+7 more
Timeline
PublishedAug 17
Latest updateNov 8

Description

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

NVDlibtiff/libtiff< 4.4.0
CVEListV5libtiff/libtifflibtiff 4.4.0rc1
debiandebian/tiff< tiff 4.4.0~rc1-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

6
OSV
tiff vulnerabilities2022-11-08
GHSA
Stored XSS vulnerability in Jenkins DotCi Plugin2022-09-22
OSV
tiff vulnerabilities2022-09-08
GHSA
GHSA-ww36-qxj8-93p2: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write2022-08-18
CVEList
CVE-2022-2867: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write2022-08-17

📋Vendor Advisories

5
Ubuntu
LibTIFF vulnerabilities2022-11-08
Ubuntu
LibTIFF vulnerabilities2022-09-08
Microsoft
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it2022-08-09
Debian
CVE-2022-2867: tiff - libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of boun...2022
Red Hat
libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c2021-12-21