{"id":"MGASA-2022-0424","summary":"Updated libtiff packages fix security vulnerability","details":"LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in\ntools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via\na crafted tiff file. (CVE-2022-3599)\n\nLibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in\nlibtiff/tif_unix.c:340 when called from processCropSelections,\ntools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via\na crafted tiff file. (CVE-2022-3626)\n\nLibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in\nlibtiff/tif_unix.c:346 when called from extractImageSection,\ntools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via\na crafted tiff file. (CVE-2022-3627)\n","modified":"2026-04-16T04:43:47.620682500Z","published":"2022-11-13T02:25:20Z","upstream":["CVE-2022-3599","CVE-2022-3626","CVE-2022-3627"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0424.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31091"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5714-1"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0-1.10.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0424.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}