CVE-2022-3970: LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow
First published: Sun Nov 13 2022(Updated: )
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
Credit: found by OSS-Fuzz found by OSS-Fuzz cna@vuldb.com cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/tiff | <=4.4.0-5<=4.2.0-1<=4.2.0-1+deb11u1 | |
| Libtiff Libtiff | <4.5.0 | |
| Apple iPadOS | ||
| Debian Debian Linux | =10.0 | |
| Apple Safari | <16.5.1 | |
| Apple iPadOS | <16.6 | |
| Apple iPhone OS | <16.6 | |
| Apple macOS | <13.5 | |
| Apple macOS Ventura | <13.5 | 13.5 |
| Apple iOS | <16.6 | 16.6 |
| Apple iPadOS | <16.6 | 16.6 |
| ubuntu/tiff | <4.0.9-5ubuntu0.9 | 4.0.9-5ubuntu0.9 |
| ubuntu/tiff | <4.1.0+ | 4.1.0+ |
| ubuntu/tiff | <4.3.0-6ubuntu0.3 | 4.3.0-6ubuntu0.3 |
| ubuntu/tiff | <4.4.0-4ubuntu3.2 | 4.4.0-4ubuntu3.2 |
| ubuntu/tiff | <4.0.3-7ubuntu0.11+ | 4.0.3-7ubuntu0.11+ |
| ubuntu/tiff | <4.5.0<4.4.0-6 | 4.5.0 4.4.0-6 |
| ubuntu/tiff | <4.0.6-1ubuntu0.8+ | 4.0.6-1ubuntu0.8+ |
| debian/tiff | <=4.1.0+git191117-2~deb10u4 | 4.1.0+git191117-2~deb10u8 4.2.0-1+deb11u4 4.2.0-1+deb11u5 4.5.0-6+deb12u1 4.5.1+git230720-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213841 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2022-3970
- https://www.cve.org/CVERecord?id=CVE-2022-3970
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
- https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
- https://security-tracker.debian.org/tracker/CVE-2022-2519
- https://security-tracker.debian.org/tracker/CVE-2022-2520
- https://security-tracker.debian.org/tracker/CVE-2022-2521
- https://security-tracker.debian.org/tracker/CVE-2022-2953
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737
- https://oss-fuzz.com/download?testcase_id=5738253143900160
- https://vuldb.com/?id.213549
- https://security.netapp.com/advisory/ntap-20221215-0009/
- https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213841
- https://launchpad.net/bugs/cve/CVE-2022-3970
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2148919
- https://access.redhat.com/errata/RHSA-2023:2340
- https://access.redhat.com/errata/RHSA-2023:2883
- https://access.redhat.com/security/cve/cve-2022-3970
- https://bugzilla.redhat.com/show_bug.cgi?id=2148918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
- https://ubuntu.com/security/notices/USN-5743-1
- https://ubuntu.com/security/notices/USN-5743-2
- https://ubuntu.com/security/notices/USN-5841-1
- https://nvd.nist.gov/vuln/detail/CVE-2022-3970
- https://ubuntu.com/security/CVE-2022-3970
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40442
- CVE-2023-40439
- CVE-2023-34425
- CVE-2023-38136
- CVE-2023-38580
- CVE-2023-40392
- CVE-2023-40437
- CVE-2023-32416
- CVE-2022-3970
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-38604
- CVE-2023-32734
- CVE-2023-32441
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-38606
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-41995
- CVE-2023-38410
- CVE-2023-38603
- CVE-2023-40400
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-40394
- CVE-2023-32437
- CVE-2023-38605
- CVE-2023-40397
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38572
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
- CVE-2023-38616
- CVE-2023-36862
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-42828
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-32418
- CVE-2023-36854
- CVE-2023-28200
- CVE-2023-37285
- CVE-2023-40440
- CVE-2023-38258
- CVE-2023-38421
- CVE-2023-1916
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38609
- CVE-2023-38259
- CVE-2023-38564
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32442
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-32654
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-38608
Frequently Asked Questions
What is CVE-2022-3970?
CVE-2022-3970 is a critical vulnerability found in LibTIFF that allows for remote code execution through integer overflow.
How severe is CVE-2022-3970?
CVE-2022-3970 has a severity rating of 8.8 (high).
Can CVE-2022-3970 be exploited remotely?
Yes, CVE-2022-3970 can be exploited remotely.
Which software versions are affected by CVE-2022-3970?
The affected software versions of CVE-2022-3970 include tiff 4.0.9-5ubuntu0.9, tiff 4.1.0+, tiff 4.3.0-6ubuntu0.3, tiff 4.4.0-4ubuntu3.2, tiff 4.0.3-7ubuntu0.11+, tiff 4.5.0, tiff 4.4.0-6, tiff 4.0.6-1ubuntu0.8+, and tiff 4.4.0-5 to 4.2.0-1+deb11u1.
How can I fix CVE-2022-3970?
To fix CVE-2022-3970, upgrade to the latest version of tiff as recommended by your operating system or distribution.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- collector/debian-bugs
- alias/CVE-2022-3970
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos ventura
- package-manager/debian
- vendor/libtiff
- canonical/libtiff libtiff
- vendor/netapp
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- canonical/apple safari
- canonical/apple iphone os
- canonical/apple macos
- package-manager/ubuntu