libtiff.so is vulnerable to denial of service. The vulnerability exists in the extractContigSamplesShifted24bits function of tiffcrop.c due to memory corruption, which allows an attacker to crash the application via a malicious TIFF file.

Vendor | Product | Version | CPE |
---|---|---|---|
- | tiff\:edge | 4.2.0-r1 | cpe:2.3:a:-:tiff\:edge:4.2.0-r1:*:*:*:*:*:*:* |
- | tiff\:edge | 4.4.0-r0 | cpe:2.3:a:-:tiff\:edge:4.4.0-r0:*:*:*:*:*:*:* |
- | tiff\:edge | 4.2.0-r0 | cpe:2.3:a:-:tiff\:edge:4.2.0-r0:*:*:*:*:*:*:* |
- | tiff\:edge | 4.4.0-r1 | cpe:2.3:a:-:tiff\:edge:4.4.0-r1:*:*:*:*:*:*:* |
- | tiff\:edge | 4.3.0-r1 | cpe:2.3:a:-:tiff\:edge:4.3.0-r1:*:*:*:*:*:*:* |
- | tiff\:edge | 4.1.0-r0 | cpe:2.3:a:-:tiff\:edge:4.1.0-r0:*:*:*:*:*:*:* |
- | tiff\:edge | 4.3.0-r0 | cpe:2.3:a:-:tiff\:edge:4.3.0-r0:*:*:*:*:*:*:* |
- | tiff\:3.17 | 4.4.0-r1 | cpe:2.3:a:-:tiff\:3.17:4.4.0-r1:*:*:*:*:*:*:* |
- | compat-libtiff3 | 3.9.4_11.el7 | cpe:2.3:a:-:compat-libtiff3:3.9.4_11.el7:*:*:*:*:*:*:* |
- | compat-libtiff3 | 3.9.4_12.el7 | cpe:2.3:a:-:compat-libtiff3:3.9.4_12.el7:*:*:*:*:*:*:* |
github.com/advisories/GHSA-4cf4-hqwp-cpp8
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json
gitlab.com/libtiff/libtiff/-/blob/master/tools/tiffcrop.c#L3604
gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
gitlab.com/libtiff/libtiff/-/issues/435
lists.debian.org/debian-lts-announce/2023/01/msg00018.html
security.netapp.com/advisory/ntap-20230110-0001/