PT-2022-4502 · Libtiff+7 · Libtiff+7

Wangdw.Augustus@Gmail.Com

Published

2022-08-29

Updated

2025-06-19

CVE-2022-2953

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.4.0

Description The issue is related to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c:6905, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can allow a remote attacker to cause a service disruption using a specially formed file.

Recommendations For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 48d6ece8. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-122

Related Identifiers

ALSA-2023:0095

ALSA-2023:0302

ALSA-2023_0095

ALSA-2023_0302

ALT-PU-2025-7185

AZL-10762

BDU:2022-05369

CESA-2023_0095

CVE-2022-2953

DSA-5333-1

ELSA-2023-0095

ELSA-2023-0302

OESA-2022-1917

RHSA-2023:0095

RHSA-2023:0302

RHSA-2023_0095

RHSA-2023_0302

RLSA-2023:0095

RLSA-2023:0302

RLSA-2023_0095

RLSA-2023_0302

ROSA-SA-2025-2627

USN-5714-1

Affected Products

Alt Linux

Almalinux

Centos

Libtiff

Linuxmint

Red Hat

Rocky Linux

Ubuntu

PT-2022-4502 · Libtiff+7 · Libtiff+7

CVE-2022-2953

Weakness Enumeration

Related Identifiers

Affected Products

References · 78