Home > Vulnerability Database > CVE-2022-3970

Mend.io Vulnerability Database

CVE-2022-3970

Date: November 13, 2022

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

Language: C

Severity Score

8.8

Related Resources (12)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3970

Url: https://support.apple.com/kb/HT213841

Url: https://support.apple.com/kb/HT213843

Url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

Url: https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

Url: https://security-tracker.debian.org/tracker/CVE-2022-3970

Url: https://oss-fuzz.com/download?testcase_id=5738253143900160

Url: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

Url: https://vuldb.com/?id.213549

Url: https://security.netapp.com/advisory/ntap-20221215-0009/

Url: https://access.redhat.com/security/cve/CVE-2022-3970

Url: https://www.mend.io/vulnerability-database/CVE-2022-3970

Severity Score

8.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3970

Date: November 13, 2022

Language: C

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?