CVE-2022-2869

2022-08-1700:00:00

ubuntu.com

libtiff

tiffcrop

uint32_t

underflow

extractcontigsamples8bits

crafted file

exploitation

crash

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

27.8%

JSON

libtiff’s tiffcrop tool has a uint32_t underflow which leads to out of
bounds read and write in the extractContigSamples8bits routine. An attacker
who supplies a crafted file to tiffcrop could trigger this flaw, most
likely by tricking a user into opening the crafted file with tiffcrop.
Triggering this flaw could cause a crash or potentially further
exploitation.

Bugs

<https://gitlab.com/libtiff/libtiff/-/issues/352>

Notes

Author	Note
rodrigo-zaiden	fix is the same commit as in CVE-2022-2867, CVE-2022-2868

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchtiff< 4.0.9-5ubuntu0.8UNKNOWN
ubuntu20.04noarchtiff< 4.1.0+git191117-2ubuntu0.20.04.6UNKNOWN
ubuntu22.04noarchtiff< 4.3.0-6ubuntu0.2UNKNOWN
ubuntu14.04noarchtiff< 4.0.3-7ubuntu0.11+esm3UNKNOWN
ubuntu16.04noarchtiff< 4.0.6-1ubuntu0.8+esm3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	tiff	< 4.0.9-5ubuntu0.8	UNKNOWN
ubuntu	20.04	noarch	tiff	< 4.1.0+git191117-2ubuntu0.20.04.6	UNKNOWN
ubuntu	22.04	noarch	tiff	< 4.3.0-6ubuntu0.2	UNKNOWN
ubuntu	14.04	noarch	tiff	< 4.0.3-7ubuntu0.11+esm3	UNKNOWN
ubuntu	16.04	noarch	tiff	< 4.0.6-1ubuntu0.8+esm3	UNKNOWN