CVE-2022-3970
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-3970
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3970.json
- Related
- Published
- 2022-11-13T08:15:16Z
- Modified
- 2023-11-29T09:50:54.775337Z
- Details
-
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
- References
-
- https://security.netapp.com/advisory/ntap-20221215-0009/
- https://vuldb.com/?id.213549
- https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
- https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
- https://oss-fuzz.com/download?testcase_id=5738253143900160
- https://support.apple.com/kb/HT213841
- https://support.apple.com/kb/HT213843
Affected packages
Alpine:v3.14 / tiff
Package
- Name
- tiff
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed4.4.0-r1
Affected versions
3.*
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.9.5-r0
3.9.5-r1
4.*
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.3-r0
4.0.3-r1
4.0.3-r2
4.0.3-r3
4.0.6-r0
4.0.6-r1
4.0.6-r2
4.0.6-r3
4.0.7-r0
4.0.7-r1
4.0.7-r2
4.0.7-r3
4.0.8-r0
4.0.8-r1
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.9-r3
4.0.9-r4
4.0.9-r5
4.0.9-r6
4.0.9-r7
4.0.9-r8
4.0.10-r0
4.0.10-r1
4.0.10-r2
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.2.0-r0
4.2.0-r1
4.3.0-r1
Alpine:v3.15 / tiff
Package
- Name
- tiff
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed4.4.0-r1
Affected versions
3.*
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.9.5-r0
3.9.5-r1
4.*
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.3-r0
4.0.3-r1
4.0.3-r2
4.0.3-r3
4.0.6-r0
4.0.6-r1
4.0.6-r2
4.0.6-r3
4.0.7-r0
4.0.7-r1
4.0.7-r2
4.0.7-r3
4.0.8-r0
4.0.8-r1
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.9-r3
4.0.9-r4
4.0.9-r5
4.0.9-r6
4.0.9-r7
4.0.9-r8
4.0.10-r0
4.0.10-r1
4.0.10-r2
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.2.0-r0
4.2.0-r1
4.3.0-r0
4.3.0-r1
Alpine:v3.16 / tiff
Package
- Name
- tiff
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed4.4.0-r1
Affected versions
3.*
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.9.5-r0
3.9.5-r1
4.*
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.3-r0
4.0.3-r1
4.0.3-r2
4.0.3-r3
4.0.6-r0
4.0.6-r1
4.0.6-r2
4.0.6-r3
4.0.7-r0
4.0.7-r1
4.0.7-r2
4.0.7-r3
4.0.8-r0
4.0.8-r1
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.9-r3
4.0.9-r4
4.0.9-r5
4.0.9-r6
4.0.9-r7
4.0.9-r8
4.0.10-r0
4.0.10-r1
4.0.10-r2
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.2.0-r0
4.2.0-r1
4.3.0-r0
4.3.0-r1
Alpine:v3.17 / tiff
Package
- Name
- tiff
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed4.4.0-r2
Affected versions
3.*
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.9.5-r0
3.9.5-r1
4.*
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.3-r0
4.0.3-r1
4.0.3-r2
4.0.3-r3
4.0.6-r0
4.0.6-r1
4.0.6-r2
4.0.6-r3
4.0.7-r0
4.0.7-r1
4.0.7-r2
4.0.7-r3
4.0.8-r0
4.0.8-r1
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.9-r3
4.0.9-r4
4.0.9-r5
4.0.9-r6
4.0.9-r7
4.0.9-r8
4.0.10-r0
4.0.10-r1
4.0.10-r2
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.2.0-r0
4.2.0-r1
4.3.0-r0
4.3.0-r1
4.4.0-r1
Alpine:v3.18 / tiff
Package
- Name
- tiff
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed4.5.0-r0
Affected versions
3.*
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.9.5-r0
3.9.5-r1
4.*
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.3-r0
4.0.3-r1
4.0.3-r2
4.0.3-r3
4.0.6-r0
4.0.6-r1
4.0.6-r2
4.0.6-r3
4.0.7-r0
4.0.7-r1
4.0.7-r2
4.0.7-r3
4.0.8-r0
4.0.8-r1
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.9-r3
4.0.9-r4
4.0.9-r5
4.0.9-r6
4.0.9-r7
4.0.9-r8
4.0.10-r0
4.0.10-r1
4.0.10-r2
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.2.0-r0
4.2.0-r1
4.3.0-r0
4.3.0-r1
4.4.0-r0
4.4.0-r1
Git / gitlab.com/libtiff/libtiff
Affected versions
v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1