CVE-2022-1622

Published: 11/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing malicious users to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Vulnerable Product

libtiff libtiff 4.3.0

fedoraproject fedora 35

fedoraproject fedora 36

netapp ontap select deploy administration utility -

apple iphone os

apple macos

apple watchos

apple tvos

Vendor Advisories

Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image. For the stable distribution (bullseye), these problems have been fixed in version 4.2.0-1+deb11u3. We recommend that ...
Severity: Unknown | Remote: Unknown | Type: Unknown | Description: AVG-2842 libtiff 4.4.0-1 Unknown Unknown ...
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service (CVE-2022-1354). A stack buffer overflow flaw was found in Libtiff's tiffcp.c ...
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd (CVE-2022-1056). A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an a ...