CVE-CVE-2022-3570 | HIGH Severity | CVEDatabase.com

Description

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: local
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: high
Weaknesses: CWE-787CWE-787

Metadata

Primary Vendor: LIBTIFF
Published: 10/21/2022
Last Modified: 5/7/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

libtiff : libtiffdebian : debian_linuxdebian : debian_linux

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD