CVE-2022-2953

MEDIUM

Libtiff < 4.4.0 - Out-of-Bounds Read

Title source: rule

Description

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5333

Exploit, Issue Tracking, Patch, VDB Entry

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json

View Exploit ZIP pw:eip

Patch

https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3

View Patch ZIP pw:eip

Exploit, Issue Tracking, Patch, Third Party Advisory

https://gitlab.com/libtiff/libtiff/-/issues/414

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221014-0008/

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (3)

debian/debian_linux 11.0

libtiff/libtiff < 4.4.0

netapp/ontap_select_deploy_administration_utility

Published Aug 29, 2022

Tracked Since Feb 18, 2026