PT-2022-6885 · Libtiff+7 · Libtiff+7

Wangdw.Augustus@Gmail.Com

Published

2022-10-21

Updated

2025-06-19

CVE-2022-3597

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.4.0

Description The issue is related to an out-of-bounds write in the TIFFmemcpy function in libtiff/tif unix.c:346 when called from extractImageSection in tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. This can be exploited by a remote attacker to disrupt service.

Recommendations For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 236b7191.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2023:2340

ALT-PU-2022-3360

ALT-PU-2022-3428

ALT-PU-2025-7185

ALT-PU-2025-7532

AZL-11284

BDU:2023-05408

CVE-2022-3597

DLA-3278-1

DSA-5333-1

OESA-2022-2020

OPENSUSE-SU-2022_4259-1

OPENSUSE-SU-2024:12510-1

RHSA-2023:2340

RHSA-2023_2340

ROSA-SA-2025-2627

SUSE-SU-2022:4248-1

SUSE-SU-2022:4259-1

SUSE-SU-2022_4248-1

SUSE-SU-2022_4259-1

USN-5714-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Libtiff

Linuxmint

Red Hat

Suse

Ubuntu

PT-2022-6885 · Libtiff+7 · Libtiff+7

CVE-2022-3597

Weakness Enumeration

Related Identifiers

Affected Products

References · 90