CVE-2022-3570
published 2022-10-21

CVE-2022-3570: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via…

Priority: P4 · 18 · medium · 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 0.48% (38.2nd percentile)
Multiple heap buffer overflows in the tiffcrop.c utility of the libtiff library, version 4.4.0, allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file. This could result in an application crash, potential information disclosure, or any other context-dependent impact.

Affected

7 ranges

Vendor  | Product                                  | Version range               | Fixed in
debian  | debian_linux                             |                             |
debian  | debian_linux                             |                             |
debian  | tiff                                     | < tiff 4.4.0-5 (bookworm)   | tiff 4.4.0-5 (bookworm)
libtiff | libtiff                                  |                             |
libtiff | libtiff                                  | 3.9.0 – 4.4.0               |
msrc    | cbl2_libtiff_4.4.0-5_on_cbl_mariner_2.0  |                             |
msrc    | cm1_libtiff_4.4.0-4_on_cbl_mariner_1.0   |                             |

CVSS provenance

Source        | Score | Severity | Vector
nvd (v3.1)    | 5.5   | MEDIUM   | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv           | 6.5   | MEDIUM   |
vendor_debian | 7.7   | HIGH     |
vendor_redhat | 7.7   | HIGH     |
vendor_ubuntu | 7.7   | HIGH     |
vendor_msrc   | 5.5   | MEDIUM   |