PT-2022-5611 · Libtiff+10

Published: 2022-11-08 · Updated: 2025-09-24 · CVE-2022-3970

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LibTIFF (affected versions not specified)

Description

A critical issue was found in LibTIFF, affecting the TIFFReadRGBATileExt function in the file libtiff/tif_getimage.c. The issue is an integer overflow that can be exploited remotely using a specially crafted file, potentially leading to a denial of service. The exploit has been disclosed publicly.

Recommendations

To fix this issue, it is recommended to apply a patch. The patch with the name 227500897dfb07fb7d27f7aa570050e62617e3be is available to address this issue. As a temporary workaround, consider disabling the TIFFReadRGBATileExt function until a patch is applied. Additionally, improved memory handling can help mitigate the issue.

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2023:2340
ALSA-2023:2883
ALT-PU-2022-3360
ALT-PU-2022-3428
ALT-PU-2025-7185
ALT-PU-2025-7532
AZL-11449
BDU:2022-06974
CESA-2023_2883
CVE-2022-3970
DLA-3278-1
DSA-5333-1
MGASA-2022-0448
OESA-2022-2108
OPENSUSE-SU-2022_4259-1
OPENSUSE-SU-2024:12510-1
RHSA-2023:2340
RHSA-2023:2883
RHSA-2023_2340
RHSA-2023_2883
ROSA-SA-2023-2264
SUSE-SU-2022:4248-1
SUSE-SU-2022:4259-1
USN-5743-1
USN-5743-2
USN-5841-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
LibTIFF
Linux Mint
Apple macOS
Red Hat
RED OS
SUSE
Ubuntu