CVE-2022-1622
Debian Security Advisory 5333-1
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit b4e79bfa
Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
*Credits:
wangdw.augustus@gmail.com
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-09 CVE Reserved
- 2022-05-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List |
|
| http://seclists.org/fulldisclosure/2022/Oct/39 | Mailing List |
|
| http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List |
|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20220616-0005 | Third Party Advisory |
|
| https://support.apple.com/kb/HT213443 | Release Notes |
|
| https://support.apple.com/kb/HT213444 | Release Notes |
|
| https://support.apple.com/kb/HT213446 | Release Notes |
|
| https://support.apple.com/kb/HT213486 | Release Notes |
|
| https://support.apple.com/kb/HT213487 | Release Notes |
|
| https://support.apple.com/kb/HT213488 | Release Notes |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/issues/410 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | 4.3.0 Search vendor "Libtiff" for product "Libtiff" and version "4.3.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 16.0 Search vendor "Apple" for product "Iphone Os" and version " < 16.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 11.0 < 11.7 Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 12.0 < 12.6 Search vendor "Apple" for product "Macos" and version " >= 12.0 < 12.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | < 16.0 Search vendor "Apple" for product "Tvos" and version " < 16.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 9.0 Search vendor "Apple" for product "Watchos" and version " < 9.0" | - |
Affected
| ||||||