CVE-2022-1623
Published: 11 May 2022
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Notes
Author | Note |
---|---|
ccdm94 | This CVE has the same fix as the one for CVE-2022-1622. according to the issue in the libtiff git (410), this only affects version 4.3.0 onwards, more specifically, versions that include commit 3079627e. Further investigation has confirmed that versions below 4.3.0 seem to be not affected, as the reproducer does not work, and there are no SEGV errors. Impish and jammy, which include version 4.3.0, also do not seem to be affected, as results from running the POCs with their versions are different than the ones obtained when the specific commit mentioned in the 410 issue by the issue reporter is used with the same POC files (commit b51bb157). For this reason, and because jammy and earlier do not include code from commit 3079627e, these releases will be marked as not vulnerable. |
Priority
Status
Package | Release | Status |
---|---|---|
tiff Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
impish |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
upstream |
Released
(4.4.0)
|
|
Patches: upstream: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |