JLSEC-2025-270
PUBLISHED
CVSS 9.3 CRITICAL
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing atta...
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | Libtiff_jll | 4.3.0+0, 4.3.0+0 |
Timeline
- Nov 25, 2025 CVE Published
- Nov 25, 2025 CVE Updated
References
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/39
- http://seclists.org/fulldisclosure/2022/Oct/41
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json
- https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
- https://gitlab.com/libtiff/libtiff/-/issues/410
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/
- https://security.netapp.com/advisory/ntap-20220616-0005/
- https://support.apple.com/kb/HT213443
- https://support.apple.com/kb/HT213444
- https://support.apple.com/kb/HT213446
- https://support.apple.com/kb/HT213486
- https://support.apple.com/kb/HT213487
- https://support.apple.com/kb/HT213488