PT-2022-6890 · Libtiff+8 · Libtiff+8

4Ugustus

Published

2022-03-21

Updated

2025-06-19

CVE-2022-3627

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.4.0

Description The issue is related to an out-of-bounds write in the TIFFmemcpy function, allowing attackers to cause a denial-of-service via a crafted tiff file. This can be triggered when TIFFmemcpy is called from extractImageSection in tools/tiffcrop.c:6860. The vulnerability may allow a remote attacker to cause a denial-of-service.

Recommendations For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 236b7191.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2023:2340

ALSA-2023:2883

ALSA-2023_2883

ALT-PU-2022-3360

ALT-PU-2022-3428

ALT-PU-2025-7185

ALT-PU-2025-7532

AZL-11288

BDU:2023-05414

CESA-2023_2883

CVE-2022-3627

DLA-3278-1

DSA-5333-1

MGASA-2022-0424

OESA-2022-2020

OPENSUSE-SU-2022_4259-1

OPENSUSE-SU-2024:12510-1

RHSA-2023:2340

RHSA-2023:2883

RHSA-2023_2340

RHSA-2023_2883

ROSA-SA-2025-2627

SUSE-SU-2022:4248-1

SUSE-SU-2022:4259-1

USN-5714-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Libtiff

Linuxmint

Red Hat

Suse

Ubuntu

PT-2022-6890 · Libtiff+8 · Libtiff+8

CVE-2022-3627

Weakness Enumeration

Related Identifiers

Affected Products

References · 99