1. CVE-Search
  2. CVE-2022-2869
ID CVE-2022-2869
Summary libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
References
Vulnerable Configurations
  • cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha5:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha6:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:beta7:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:beta7:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.3-35:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.3-35:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.4:-:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.4:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-191
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 23-02-2023 - 15:49
Published 17-08-2022 - 22:15
Last modified 23-02-2023 - 15:49
Back to Top