CVE-2022-22844

MEDIUM

Libtiff - Out-of-Bounds Read

Title source: rule

Description

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

References (6)

Core 6

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html

Third Party Advisory vendor-advisory

https://www.debian.org/security/2022/dsa-5108

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202210-10

Exploit, Mitigation, Third Party Advisory

https://gitlab.com/libtiff/libtiff/-/issues/355

Exploit, Mitigation, Third Party Advisory

https://gitlab.com/libtiff/libtiff/-/merge_requests/287

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220311-0002/

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (5)

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

libtiff/libtiff 4.3.0

netapp/ontap_select_deploy_administration_utility

Published Jan 10, 2022

Tracked Since Feb 18, 2026