Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-72096
HistoryOct 25, 2022 - 12:00 a.m.

LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72096)

2022-10-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains a number of command-line tools for handling TIFF files.LibTIFF version 4.4.0 is vulnerable to a buffer overflow vulnerability, which stems from the existence of multiple heap buffer overflows that could be exploited by an attacker to trigger an insecure or out-of-bounds memory access via a crafted TIFF image file, resulting in an application crash, potential information disclosure, or any other context-sensitive impact.

CPENameOperatorVersion
Libtiff LibTiff >=3.9.0,le4.4.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related for CNVD-2022-72096