CVE-2022-1622

Summary

CVE	CVE-2022-1622
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-05-11 15:15:00 UTC
Updated	2023-11-07 03:42:00 UTC
Description	LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Macos	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Watchos	All	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Libtiff	Libtiff	4.3.0	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All

References

Reference	Source	Link	Tags
Full Disclosure: APPLE-SA-2022-10-24-2 macOS Ventura 13		seclists.org
About the security content of macOS Big Sur 11.7 - Apple Support	CONFIRM	support.apple.com
Full Disclosure: APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16		seclists.org
About the security content of macOS Monterey 12.6 - Apple Support	CONFIRM	support.apple.com
Full Disclosure: APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13	FULLDISC	seclists.org
2022/CVE-2022-1622.json · master · GitLab.org / cves · GitLab	CONFIRM	gitlab.com
About the security content of macOS Ventura 13 - Apple Support	CONFIRM	support.apple.com
About the security content of watchOS 9 - Apple Support	CONFIRM	support.apple.com
tiffcp: SEGV in LZWDecode, tif_lzw.c:619 and tif_lzw.c:624 (#410) · Issues · libtiff / libtiff · GitLab	MISC	gitlab.com
About the security content of iOS 16 - Apple Support	CONFIRM	support.apple.com
About the security content of tvOS 16 - Apple Support	CONFIRM	support.apple.com
[SECURITY] Fedora 36 Update: libtiff-4.4.0-1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 36 Update: libtiff-4.4.0-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: libtiff-4.4.0-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
tif_lzw.c: fix potential out-of-bounds error when trying to read in the same... (b4e79bfa) · Commits · libtiff / libtiff · GitLab	MISC	gitlab.com
May 2022 LibTIFF Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] Fedora 35 Update: libtiff-4.4.0-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: [email protected]

Legacy QID Mappings

181520 Debian Security Update for tiff (DSA 5333-1)
182323 Debian Security Update for tiff (CVE-2022-1622)
282854 Fedora Security Update for libtiff (FEDORA-2022-ea3ebeff3d)
282867 Fedora Security Update for libtiff (FEDORA-2022-e9fe21d102)
354326 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-194
354416 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-094
354431 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-183
354588 Amazon Linux Security Advisory for libtiff : ALAS-2022-194
355159 Amazon Linux Security Advisory for libtiff : ALAS2023-2023-050
610446 Apple iOS 16 Security Update Missing
710659 Gentoo Linux LibTIFF Multiple Vulnerabilities (GLSA 202210-10)
901764 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (9733)
902339 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (9733-1)