VIR Vulnerability Intelligence Relay

CVE-2022-3598

medium
Published 2023-05-09 Β· Modified 2023-05-12
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

Moderate: libtiff security update

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 9libtiff-0:4.4.0-7.el9RHSA-2023:23402023-05-09T00:00:00Z Package state ProductPackageState Red Hat Enterprise Linux 6libtiffOut of support scope Red Hat…

Description

libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 9libtiff-0:4.4.0-7.el9RHSA-2023:23402023-05-09T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6libtiffOut of support scope
Red Hat Enterprise Linux 7compat-libtiff3Out of support scope
Red Hat Enterprise Linux 7libtiffOut of support scope
Red Hat Enterprise Linux 8compat-libtiff3Will not fix
Red Hat Enterprise Linux 8libtiffWill not fix

Apply commands

bash fix
Apply RHSA-2023:2340 for Red Hat Enterprise Linux 9
yum update -y libtiff
# or:
dnf upgrade -y libtiff

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
9 Fixed libtiff-4.4.0-7.el9.aarch64.rpm
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 4.4.0-5
sid Fixed 4.4.0-5
forky Fixed 4.4.0-5
bullseye Fixed 4.2.0-1+deb11u3
bookworm Fixed 4.4.0-5
redhat Red Hat Fixed 1 release
VersionStatusFixed in
9 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.