PT-2023-4908 · Libtiff+6 · Libtiff+6

4Ugustus

Publicado

2023-01-29

Atualizado

2025-06-26

CVE-2022-4645

CVSS v3.1

6.8

Média

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.4.0

Description The issue is related to an out-of-bounds read in the tiffcp utility, located in tools/tiffcp.c:948, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can lead to a disruption in service.

Recommendations For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit e8131125 to resolve the issue. As a temporary workaround, consider restricting the use of the tiffcp utility until the fix is applied.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2023:2340

ALSA-2024:3059

ALSA-2024_3059

ALT-PU-2025-7185

ALT-PU-2025-7532

ALT-PU-2025-8255

AZL-13826

AZL-43561

AZL-44667

BDU:2023-05401

CESA-2024_3059

CVE-2022-4645

DSA-5333-1

INFSA-2024_3059

MGASA-2023-0113

RHSA-2023:2340

RHSA-2023_2340

RHSA-2024:3059

RHSA-2024_3059

RLSA-2024:3059

ROSA-SA-2025-2627

ROSA-SA-2025-2657

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Libtiff

Red Hat

Rocky Linux

PT-2023-4908 · Libtiff+6 · Libtiff+6

CVE-2022-4645

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 69