Vulnerability Details : CVE-2022-3970
Potential exploit
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
Vulnerability category: Overflow
Products affected by CVE-2022-3970
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3970
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 20 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3970
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2022-3970
-
Assigned by: cna@vuldb.com (Primary)
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-3970
-
https://support.apple.com/kb/HT213841
About the security content of iOS 16.6 and iPadOS 16.6 - Apple SupportRelease Notes;Third Party Advisory
-
https://oss-fuzz.com/download?testcase_id=5738253143900160
Log inProduct
-
https://security.netapp.com/advisory/ntap-20221215-0009/
CVE-2022-3970 LibTIFF Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
[SECURITY] [DLA 3278-1] tiff security updateMailing List;Third Party Advisory
-
https://support.apple.com/kb/HT213843
About the security content of macOS Ventura 13.5 - Apple SupportRelease Notes;Third Party Advisory
-
https://vuldb.com/?id.213549
Login requiredThird Party Advisory;VDB Entry
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
53137 - gdal:dimap_fuzzer: Unsigned-integer-overflow in gdal_TIFFReadRGBATileExt - oss-fuzzExploit;Issue Tracking;Third Party Advisory
-
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
TIFFReadRGBATileExt(): fix (unsigned) integer overflow on strips/tiles > 2 GB (22750089) · Commits · libtiff / libtiff · GitLabPatch
Jump to