Published: 21/10/2022 Updated: 23/02/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing malicious users to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff
netapp active iq unified manager -
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #1022555 tiff: CVE-2022-3627 CVE-2022-3626 CVE-2022-3599 CVE-2022-3598 CVE-2022-3597 CVE-2022-3570 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 23 Oct 2022 19:54:02 UTC Severity: grave Tags ...

Several security issues were fixed in LibTIFF ...

Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image For the stable distribution (bullseye), these problems have been fixed in version 420-1+deb11u3 We recommend that ...

LibTIFF 440 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unixc:346 when called from extractImageSection, tools/tiffcropc:6860, allowing attackers to cause a denial-of-service via a crafted tiff file For users that compile libtiff from sources, the fix is available with commit 236b7191 (CVE-2022-3627) ...

Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a se ...

Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...

Synopsis Important: OpenShift API for Data Protection (OADP) 115 security and bug fix update Type/Severity Security Advisory: Important Topic OpenShift API for Data Protection (OADP) 115 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis Moderate: Migration Toolkit for Runtimes security update Type/Severity Security Advisory: Moderate Topic An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8Red Hat Product Security has rated this update ...

Synopsis Moderate: Logging Subsystem 572 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 572 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...

Synopsis Important: Migration Toolkit for Containers (MTC) 1710 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 1710 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...

Synopsis Critical: Red Hat Advanced Cluster Management 266 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 266 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...

Synopsis Critical: Red Hat Advanced Cluster Management 259 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 259 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...

Synopsis Moderate: OpenShift Jenkins image and Jenkins agent base image security update Type/Severity Security Advisory: Moderate Topic Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base imageRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring Sys ...

Severity Unknown Remote Unknown Type Unknown Description AVG-2842 libtiff 440-1 Unknown Unknown ...

CWE-787 https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 https://gitlab.com/libtiff/libtiff/-/issues/411 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json https://security.netapp.com/advisory/ntap-20230110-0001/https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://www.debian.org/security/2023/dsa-5333 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555 https://ubuntu.com/security/notices/USN-5714-1 https://nvd.nist.gov

Get Started

CVE-2022-3627

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect