First published: Fri Oct 21 2022
Multiple heap buffer overflows in the tiffcrop.c utility in libtiff version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or other context-dependent impact.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libtiff Libtiff | >=3.9.0, <=4.4.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/tiff | <=4.1.0+git191117-2~deb10u4 | 4.1.0+git191117-2~deb10u8, 4.2.0-1+deb11u4, 4.2.0-1+deb11u5, 4.5.0-6+deb12u1, 4.5.1+git230720-3 |
CVE-2022-3570 is a vulnerability in the libtiff library that allows an attacker to trigger heap buffer overflows via a crafted TIFF image file, potentially leading to application crashes or other impacts.
CVE-2022-3570 has a severity rating of 5.5, which is considered high.
Versions 4.1.0+git191117-2~deb10u8, 4.2.0-1+deb11u4, 4.5.0-6, and 4.5.1+git230720-1 of the libtiff library are affected.
To fix CVE-2022-3570, update the libtiff library to a version that is not affected, such as 4.1.0+git191117-2~deb10u8, 4.2.0-1+deb11u4, 4.5.0-6, or 4.5.1+git230720-1.
References for CVE-2022-3570: [Reference 1](https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff), [Reference 2](https://gitlab.com/libtiff/libtiff/-/issues/381), [Reference 3](https://gitlab.com/libtiff/libtiff/-/issues/386).