CVE-2022-3599
libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
LibTIFF versión 4.4.0, presenta una lectura fuera de límites en writeSingleSection en el archivo tools/tiffcrop.c:7345, lo que permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para los usuarios que compilan libtiff desde las fuentes, la corrección está disponible con el commit e8131125
An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-19 CVE Reserved
- 2022-10-21 CVE Published
- 2024-06-11 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20230110-0001 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://gitlab.com/libtiff/libtiff/-/issues/398 | 2024-08-03 |
URL | Date | SRC |
---|---|---|
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 | 2023-02-23 |
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2023/dsa-5333 | 2023-02-23 | |
https://access.redhat.com/security/cve/CVE-2022-3599 | 2023-05-09 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2142740 | 2023-05-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | <= 4.4.0 Search vendor "Libtiff" for product "Libtiff" and version " <= 4.4.0" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|