CVE-2022-3970

Published: Nov 13, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

Affected (7)

Products: Libtiff: Libtiff · Netapp: Active Iq Unified Manager · Debian: Debian Linux · +1 more

Show all products

Libtiff: Libtiff · Netapp: Active Iq Unified Manager · Debian: Debian Linux · Apple: Ipados, Iphone Os, Macos, Safari

1 product

1 product

Active Iq Unified Manager

1 product

4 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Before 4.5.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.6
Apple Iphone Os	Before 16.6
Apple Macos	Before 13.5
Apple Safari	Before 16.5.1

Related CWEs

References (16)

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

Source: cna@vuldb.com

Patch

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://oss-fuzz.com/download?testcase_id=5738253143900160

Source: cna@vuldb.com

Product

https://security.netapp.com/advisory/ntap-20221215-0009/

Source: cna@vuldb.com

Third Party Advisory

https://support.apple.com/kb/HT213841

Source: cna@vuldb.com

Release NotesThird Party Advisory

https://support.apple.com/kb/HT213843

Source: cna@vuldb.com

Release NotesThird Party Advisory

https://vuldb.com/?id.213549

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://oss-fuzz.com/download?testcase_id=5738253143900160

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://security.netapp.com/advisory/ntap-20221215-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT213841

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://support.apple.com/kb/HT213843

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://vuldb.com/?id.213549

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.