CVE-2022-3970
- ULN >
- Oracle Linux CVE repository >
- CVE-2022-3970
CVE Details
| Release Date: | 2022-11-13 |
Description
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
See more information about CVE-2022-3970 from MITRE CVE dictionary and NIST NVD
CVSS v3.0 metrics
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 8.8 | Base Metrics: | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Access Vector: | Network | Attack Complexity: | Low |
| Privileges Required: | None | User Interaction: | Required |
| Scope: | Unchanged | Confidentiality Impact: | High |
| Integrity Impact: | High | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (libtiff) | ELSA-2023-2883 | 2023-05-24 |
| Oracle Linux version 9 (libtiff) | ELSA-2023-2340 | 2023-05-15 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
