CVE-2022-3970

OL CVE Issue Summary:

`cvtClump()` in rgb2ycbcr in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the `-v` option to `-1`. `_TIFFFax3fillruns()` in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.`DumpModeDecode()` could be exploited to cause denial-of-service via a crafted Tiff image. A heap-based buffer overflow in the `t2p_write_pdf()` in `tools/tiff2pdf.c`. This heap overflow could lead to various damages. For example, a crafted TIFF document can lead to an out-of-bounds read in `TIFFCleanup()`, an invalid free in `TIFFClose()` or `t2p_free()`, memory corruption in `t2p_readwrite_pdf_image()`, or a double free in `t2p_free()`. Given these possibilities, it probably could result in arbitrary code execution. This affects `TIFFReadRGBATileExt()` in `libtiff/tif_getimage.c`. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public. The identifier VDB-213549 was assigned to this vulnerability.