CVE-2022-3598
21.10.2022, 16:15
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libtiff | libtiff | 3.9.0 ≤ 𝑥 ≤ 4.4.0 |
| netapp | active_iq_unified_manager | - |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| tiff |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libtiff-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libtiff5 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libtiff5-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libtiff6 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libtiff6-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| tiff |
|
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| libtiff |
| ||||
| libtiff-debuginfo |
| ||||
| libtiff-debugsource |
| ||||
| libtiff-devel |
| ||||
| libtiff-static |
| ||||
| libtiff-tools |
| ||||
| libtiff-tools-debuginfo |
|
Azure Linux Releases
Common Weakness Enumeration
References