CVE-2022-2953

CVE-2022-2953

Name

CVE-2022-2953

Description

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3
MISC	https://gitlab.com/libtiff/libtiff/-/issues/414
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json
Third Party Advisory	https://security.netapp.com/advisory/ntap-20221014-0008/
Third Party Advisory	https://www.debian.org/security/2023/dsa-5333

Type

URI

MISC

https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3

MISC

https://gitlab.com/libtiff/libtiff/-/issues/414

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221014-0008/

Third Party Advisory

https://www.debian.org/security/2023/dsa-5333