Vulnerability CVE-2022-3627: Information
Description
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libtiff | sisyphus | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-3360-1 | 311934 | Fixed |
libtiff | sisyphus_e2k | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-7474-1 | - | Fixed |
libtiff | sisyphus_riscv64 | 4.4.0-alt2 | 4.4.0-alt4 | ALT-PU-2022-7483-1 | - | Fixed |
libtiff | p10 | 4.4.0-alt2 | 4.4.0-alt2 | ALT-PU-2022-3428-1 | 311968 | Fixed |
libtiff | p10_e2k | 4.4.0-alt2 | 4.4.0-alt2 | ALT-PU-2022-7593-1 | - | Fixed |
libtiff | c10f1 | 4.4.0-alt2 | 4.4.0-alt2 | ALT-PU-2022-3428-1 | 311968 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 |
|
https://gitlab.com/libtiff/libtiff/-/issues/411 |
|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json |
|
https://security.netapp.com/advisory/ntap-20230110-0001/ |
|
[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update |
|
DSA-5333 |
|