CVE-2022-3627

Name
CVE-2022-3627
Description
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial of service via a crafted TIFF file. For users who compile libtiff from source, the fix is available with commit 236b7191.
NVD Severity
medium

References

Type                   URI
MISC                   https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
MISC                   https://gitlab.com/libtiff/libtiff/-/issues/411
CONFIRM                https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json
Third Party Advisory   https://security.netapp.com/advisory/ntap-20230110-0001/
Third Party Advisory   https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
Third Party Advisory   https://www.debian.org/security/2023/dsa-5333

Match rules

CPE URI                                      Source package   Min version   Max version
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*    libtiff          >= None       <= 4.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status