CVE-2022-2869
Summary
| CVE | CVE-2022-2869 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-17 22:15:00 UTC |
|---|
| Updated | 2023-11-07 03:47:00 UTC |
|---|
| Description | libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 2118869 – (CVE-2022-2869) CVE-2022-2869 libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() |
MISC |
bugzilla.redhat.com |
|
| Debian -- Security Information -- DSA-5333-1 tiff |
DEBIAN |
www.debian.org |
|
| [SECURITY] [DLA 3278-1] tiff security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160390 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-0095)
- 181488 Debian Security Update for tiff (DLA 3278-1)
- 181520 Debian Security Update for tiff (DSA 5333-1)
- 182132 Debian Security Update for tiff (CVE-2022-2869)
- 199019 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-5714-1)
- 241054 Red Hat Update for libtiff (RHSA-2023:0095)
- 354053 Amazon Linux Security Advisory for kernel : ALAS2-2022-1838
- 354326 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-194
- 354416 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-094
- 354431 Amazon Linux Security Advisory for libtiff : ALAS2022-2022-183
- 354588 Amazon Linux Security Advisory for libtiff : ALAS-2022-194
- 355159 Amazon Linux Security Advisory for libtiff : ALAS2023-2023-050
- 502527 Alpine Linux Security Update for tiff
- 504474 Alpine Linux Security Update for tiff
- 672204 EulerOS Security Update for libtiff (EulerOS-SA-2022-2469)
- 672261 EulerOS Security Update for libtiff (EulerOS-SA-2022-2689)
- 672296 EulerOS Security Update for libtiff (EulerOS-SA-2022-2657)
- 672346 EulerOS Security Update for libtiff (EulerOS-SA-2022-2770)
- 672388 EulerOS Security Update for libtiff (EulerOS-SA-2022-2735)
- 672772 EulerOS Security Update for libtiff (EulerOS-SA-2023-1509)
- 672775 EulerOS Security Update for compat-libtiff3 (EulerOS-SA-2023-1494)
- 752686 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:3679-1)
- 752701 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:3690-1)
- 902768 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (10599) (DEPRECATED)
- 902773 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (10593) (DEPRECATED)
- 906738 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (10599-1)
- 906754 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (10593-1)
- 940871 AlmaLinux Security Update for libtiff (ALSA-2023:0095)
- 960537 Rocky Linux Security Update for libtiff (RLSA-2023:0095)
