{"id":"USN-5705-1","summary":"tiff vulnerabilities","details":"Chintan Shah discovered that LibTIFF incorrectly handled memory in\ncertain conditions. An attacker could trick a user into processing a specially\ncrafted image file and potentially use this issue to allow for information\ndisclosure or to cause the application to crash. (CVE-2022-3570)\n\nIt was discovered that LibTIFF incorrectly handled memory in certain\nconditions. An attacker could trick a user into processing a specially\ncrafted tiff file and potentially use this issue to cause a denial of service.\n(CVE-2022-3598)\n","modified":"2026-04-22T10:29:23.769709Z","published":"2022-10-27T19:27:40Z","related":["UBUNTU-CVE-2022-3570","UBUNTU-CVE-2022-3598"],"upstream":["CVE-2022-3570","CVE-2022-3598","UBUNTU-CVE-2022-3570","UBUNTU-CVE-2022-3598"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5705-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3570"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3598"}],"affected":[{"package":{"name":"tiff","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/tiff@4.0.6-1ubuntu0.8+esm6?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.6-1ubuntu0.8+esm6"}]}],"versions":["4.0.3-12.3ubuntu2","4.0.5-1","4.0.6-1","4.0.6-1ubuntu0.1","4.0.6-1ubuntu0.2","4.0.6-1ubuntu0.3","4.0.6-1ubuntu0.4","4.0.6-1ubuntu0.5","4.0.6-1ubuntu0.6","4.0.6-1ubuntu0.7","4.0.6-1ubuntu0.8","4.0.6-1ubuntu0.8+esm1","4.0.6-1ubuntu0.8+esm2","4.0.6-1ubuntu0.8+esm3","4.0.6-1ubuntu0.8+esm4"],"ecosystem_specific":{"binaries":[{"binary_name":"libtiff-opengl","binary_version":"4.0.6-1ubuntu0.8+esm6"},{"binary_name":"libtiff-tools","binary_version":"4.0.6-1ubuntu0.8+esm6"},{"binary_name":"libtiff5","binary_version":"4.0.6-1ubuntu0.8+esm6"},{"binary_name":"libtiffxx5","binary_version":"4.0.6-1ubuntu0.8+esm6"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5705-1.json","cves_map":{"cves":[{"id":"CVE-2022-3570","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-3598","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.5"}