LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
References
Configurations
History
07 Nov 2023, 03:58
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
31 Mar 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Mar 2023, 14:41
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
CPE | cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* | |
First Time |
Libtiff libtiff
Libtiff |
|
References | (MISC) https://gitlab.com/libtiff/libtiff/-/issues/277 - Exploit, Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json - Third Party Advisory | |
References | (MISC) https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
03 Mar 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-03 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4645
Mitre link : CVE-2022-4645
CVE.ORG link : CVE-2022-4645
JSON object : View
Products Affected
libtiff
- libtiff
CWE
CWE-125
Out-of-bounds Read