CVE-2022-3570: Out-of-bounds Write in Tiff

Severity
NVD: 5.5 MEDIUM
OSV: 6.5
EPSS
0.0% (top 99.40%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 21
Latest update: Nov 8

Description

Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD | libtiff/libtiff | 3.9.0 to 4.4.0
CVEListV5 | libtiff/libtiff | >=3.9.0, <=4.4.0
debian | debian/tiff | < tiff 4.4.0-5 (bookworm)

Also affects: Debian Linux 10.0, 11.0

Patches

🔴 Vulnerability Details (4)

OSV: tiff vulnerabilities (2022-11-08)
OSV: tiff vulnerabilities (2022-10-27)
GHSA: GHSA-w3vw-h42p-vjw6: Multiple heap buffer overflows in tiffcrop (2022-10-21)
OSV: CVE-2022-3570: Multiple heap buffer overflows in tiffcrop (2022-10-21)

📋 Vendor Advisories (5)

Ubuntu: LibTIFF vulnerabilities (2022-11-08)
Ubuntu: LibTIFF vulnerabilities (2022-10-27)
Microsoft: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result in ... (2022-10-11)
Red Hat: libtiff: heap Buffer overflows in tiffcrop.c (2022-02-24)
Debian: CVE-2022-3570: tiff - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version ... (2022)