PT-2022-6886 · Libtiff+7

Wangdw.Augustus@Gmail.Com · Published 2022-10-21 · Updated 2025-06-19 · CVE-2022-3626

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LibTIFF version 4.4.0

Description

The issue is an out-of-bounds write in the TIFFmemset function that allows attackers to cause a denial of service via a crafted TIFF file. It can be triggered when TIFFmemset is called from processCropSelections in tools/tiffcrop.c:7619. The vulnerability is associated with a memory buffer overflow.

Recommendations

For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 236b7191. As a temporary workaround, consider restricting the use of crafted TIFF files to minimize the risk of exploitation.

Exploit · Fix · DoS · Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:2340
ALT-PU-2022-3360
ALT-PU-2022-3428
ALT-PU-2025-7185
ALT-PU-2025-7532
AZL-11287
BDU:2023-05409
CVE-2022-3626
DLA-3278-1
DSA-5333-1
MGASA-2022-0424
OESA-2022-2020
OPENSUSE-SU-2022_4259-1
OPENSUSE-SU-2024:12510-1
RHSA-2023:2340
RHSA-2023_2340
ROSA-SA-2025-2627
SUSE-SU-2022:4248-1
SUSE-SU-2022:4259-1
USN-5714-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Libtiff
Linuxmint
Red Hat
Suse
Ubuntu