A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 | Exploit Issue Tracking Third Party Advisory |
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be | Patch |
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html | Mailing List Third Party Advisory |
https://oss-fuzz.com/download?testcase_id=5738253143900160 | Product |
https://security.netapp.com/advisory/ntap-20221215-0009/ | Third Party Advisory |
https://support.apple.com/kb/HT213841 | Release Notes Third Party Advisory |
https://support.apple.com/kb/HT213843 | Release Notes Third Party Advisory |
https://vuldb.com/?id.213549 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
17 Nov 2023, 19:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
|
First Time |
Apple safari
Apple ipados Apple macos Apple Apple iphone Os |
|
References | (N/A) https://vuldb.com/?id.213549 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://support.apple.com/kb/HT213841 - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213843 - Release Notes, Third Party Advisory |
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
CWE |
01 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Sep 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html - Mailing List, Third Party Advisory |
21 Jan 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jan 2023, 17:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Netapp active Iq Unified Manager
Netapp |
|
References | (N/A) https://oss-fuzz.com/download?testcase_id=5738253143900160 - Product, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221215-0009/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
15 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Nov 2022, 18:25
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 - Exploit, Issue Tracking, Third Party Advisory | |
References | (N/A) https://vuldb.com/?id.213549 - Third Party Advisory | |
References | (N/A) https://oss-fuzz.com/download?testcase_id=5738253143900160 - Permissions Required, Third Party Advisory | |
References | (N/A) https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be - Patch, Third Party Advisory | |
First Time |
Libtiff libtiff
Libtiff |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* |
13 Nov 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-13 08:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-3970
Mitre link : CVE-2022-3970
CVE.ORG link : CVE-2022-3970
JSON object : View
Products Affected
debian
- debian_linux
apple
- iphone_os
- macos
- ipados
- safari
netapp
- active_iq_unified_manager
libtiff
- libtiff
CWE
CWE-189
Numeric Errors