What is CVE-2022-2867?

CVE-2022-2867 is a vulnerability in libtiff's tiffcrop utility that allows for a uint32_t underflow, leading to out-of-bounds read and write.

How can the CVE-2022-2867 vulnerability be exploited?

An attacker can exploit CVE-2022-2867 by supplying a crafted file to tiffcrop, potentially tricking a user into running tiffcrop on it with certain parameters.

What is the severity of CVE-2022-2867?

CVE-2022-2867 has a severity level of medium (4) based on the CVSS scoring.

Which software versions are affected by CVE-2022-2867?

Versions up to and exclusive of 4.4.0 for libtiff on Red Hat, and versions up to and inclusive of 4.1.0+git191117-2~deb10u4 for tiff on Debian are affected.

How can I fix CVE-2022-2867?

To fix CVE-2022-2867, update to version 4.4.0 for libtiff on Red Hat, or to a version higher than 4.1.0+git191117-2~deb10u4 for tiff on Debian.

Vulnerability/
CVE-2022-2867

medium

5.5

CWE

125 191 787

16/8/2022

17/8/2022

17/12/2024

CVE-2022-2867: Integer Underflow

First published: Tue Aug 16 2022(Updated: )

In libtiff's tiffcrop utility, a uint32_t underflow results in an out-of-bounds read and write in extractContigSamples8bits and extractContigSamplesShifted32bits of tiffcrop.c. References: <a href="https://gitlab.com/libtiff/libtiff/-/issues/350">https://gitlab.com/libtiff/libtiff/-/issues/350</a> <a href="https://gitlab.com/libtiff/libtiff/-/issues/351">https://gitlab.com/libtiff/libtiff/-/issues/351</a> <a href="https://gitlab.com/libtiff/libtiff/-/merge_requests/294/diffs?commit_id=7d7bfa4416366ec64068ac389414241ed4730a54">https://gitlab.com/libtiff/libtiff/-/merge_requests/294/diffs?commit_id=7d7bfa4416366ec64068ac389414241ed4730a54</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Libtiff Libtiff	<4.4.0
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
debian/tiff	<=4.1.0+git191117-2~deb10u4	4.1.0+git191117-2~deb10u8 4.2.0-1+deb11u4 4.2.0-1+deb11u5 4.5.0-6+deb12u1 4.5.1+git230720-3
redhat/libtiff	<4.4.0	4.4.0
IBM Cognos Analytics	<=12.0.0-12.0.3
IBM Cognos Analytics	<=11.2.0-11.2.4 FP4

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=2118847

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7177223

Frequently Asked Questions

What is CVE-2022-2867?
CVE-2022-2867 is a vulnerability in libtiff's tiffcrop utility that allows for a uint32_t underflow, leading to out-of-bounds read and write.
How can the CVE-2022-2867 vulnerability be exploited?
An attacker can exploit CVE-2022-2867 by supplying a crafted file to tiffcrop, potentially tricking a user into running tiffcrop on it with certain parameters.
What is the severity of CVE-2022-2867?
CVE-2022-2867 has a severity level of medium (4) based on the CVSS scoring.
Which software versions are affected by CVE-2022-2867?
Versions up to and exclusive of 4.4.0 for libtiff on Red Hat, and versions up to and inclusive of 4.1.0+git191117-2~deb10u4 for tiff on Debian are affected.
How can I fix CVE-2022-2867?
To fix CVE-2022-2867, update to version 4.4.0 for libtiff on Red Hat, or to a version higher than 4.1.0+git191117-2~deb10u4 for tiff on Debian.

collector/nvd-index
collector/security-tracker-debian
agent/type
agent/softwarecombine
agent/first-publish-date
agent/references
agent/author
agent/severity
agent/remedy
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-2867
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/tags
agent/event
collector/ibm-support
source/IBM
vendor/libtiff
canonical/libtiff libtiff
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/35
version/fedoraproject fedora/36
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
package-manager/debian
package-manager/redhat
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/12.0.0-12.0.3
version/ibm cognos analytics/11.2.0-11.2.4 fp4