Lucene search

K

China National Vulnerability DatabaseCNVD-2022-72098

HistorySep 05, 2022 - 12:00 a.m.

LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72098)

2022-09-0500:00:00

China National Vulnerability Database

www.cnvd.org.cn

10

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. A security vulnerability exists in LibTIFF, which stems from a heap buffer overflow flaw found in the TIFFReadRawDataStriped() function of tiffinfo.c. An attacker could pass a specially crafted TIFF file to the tiffinfo tool to trigger a denial of service. An attacker could exploit this flaw to pass specially crafted TIFF files to the tiffinfo tool, which could trigger a heap buffer overflow issue resulting in a denial of service.

CPENameOperatorVersion
libtiff libtifflt4.4.0

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Related for CNVD-2022-72098

veracode1 cve1 ubuntucve1 nessus20 osv5 openvas14 prion1 debiancve1 redhatcve1 mageia1 fedora2 cloudfoundry1 ubuntu1 ibm1 oraclelinux1 redhat1 almalinux1 gentoo1 debian2