CVE-2022-3570
libtiff: heap Buffer overflows in tiffcrop.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: -
Decision: -
Descriptions
Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact.
Multiple heap buffer overflows in the tiffcrop.c utility of libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access by means of a crafted TIFF image file, which could result in an application crash, possible information disclosure, or any other context-dependent impact.
A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds access resulting in an application crash, eventually leading to a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-17 CVE Reserved
- 2022-10-21 CVE Published
- 2024-06-11 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
URL | Tag | Source
---|---|---
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html | Mailing List |
https://security.netapp.com/advisory/ntap-20230203-0002 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://gitlab.com/libtiff/libtiff/-/issues/381 | 2024-08-03 |
https://gitlab.com/libtiff/libtiff/-/issues/386 | 2024-08-03 |

URL | Date | SRC
---|---|---
https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c | 2023-02-23 |

URL | Date | SRC
---|---|---
https://www.debian.org/security/2023/dsa-5333 | 2023-02-23 |
https://access.redhat.com/security/cve/CVE-2022-3570 | 2023-05-09 |
https://bugzilla.redhat.com/show_bug.cgi?id=2142734 | 2023-05-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Libtiff | Libtiff | >= 3.9.0 <= 4.4.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected
Debian | Debian Linux | 11.0 | - | Affected