CVE-2022-3970

Published: 11/13/2022 08:15:16

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

MEDIUM
CVSS v3: 6.3

Status

DocFilters Release	Package	State	Justification	Comment
25.1	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
24.4	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
24.4.0	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
24.3	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
24.2.1	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
24.2	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
24.1	libtiff (4.6.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
23.3	libtiff (4.5.1)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
23.2.1	libtiff (4.3.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
23.2	libtiff (4.3.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
23.1	libtiff (4.3.0)	Not Affected	Code Not Reachable	Unused code block. Occurs in TIFFReadRGBATileExt. The code is currently unused but fix was still applied from libtiff commit: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
22.4	libtiff (4.3.0)	Needs Triage
22.3	libtiff (4.3.0)	Needs Triage
22.2	libtiff (4.3.0)	Needs Triage
22.1	libtiff (4.0.8)	Needs Triage
21.11.1	libtiff (4.0.8)	Needs Triage
21.11	libtiff (4.0.8)	Needs Triage
21.8.1	libtiff (4.0.8)	Needs Triage
21.8	libtiff (4.0.8)	Needs Triage
21.5.1	libtiff (4.0.8)	Needs Triage
21.5.0	libtiff (4.0.8)	Needs Triage
21.2.0	libtiff (4.0.8)	Needs Triage
11.4.20	libtiff (4.0.8)	Needs Triage
11.4.19.3667	libtiff (4.0.8)	Needs Triage
11.4.18.3599	libtiff (4.0.8)	Needs Triage
11.4.17	libtiff (4.0.8)	Needs Triage
11.4.16.3445	libtiff (4.0.8)	Needs Triage
11.4.15.3368	libtiff (4.0.8)	Needs Triage
11.4.14.3263	libtiff (4.0.8)	Needs Triage
11.4.13.3179	libtiff (4.0.8)	Needs Triage
11.4.12.3054	libtiff (4.0.8)	Needs Triage
11.4.11.3040	libtiff (4.0.8)	Needs Triage
11.4.11.2990	libtiff (4.0.8)	Needs Triage
11.4.10.2934	libtiff (4.0.8)	Needs Triage
11.4.9.2878	libtiff (4.0.8)	Needs Triage
11.4.8.2822	libtiff (4.0.8)	Needs Triage

Severity score breakdown

Attack Complexity

LOW

Attack Vector

NETWORK

Availability Impact

LOW

Base Score

6.3

Base Severity

MEDIUM

Confidentiality Impact

LOW

Integrity Impact

LOW

Privileges Required

NONE

Scope

UNCHANGED

User Interaction

REQUIRED

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Version

3.1

References

NVD
MITRE