Lucene search

K

China National Vulnerability DatabaseCNVD-2022-72102

HistoryAug 31, 2022 - 12:00 a.m.

LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72102)

2022-08-3100:00:00

China National Vulnerability Database

www.cnvd.org.cn

12

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains a number of command-line tools for processing TIFF files. libTIFF suffers from a security vulnerability that stems from the lack of proper validation of user-supplied data by extractImageSection in its tools/tiffcrop.c:6905, where specially crafted data could trigger a read beyond the end of the allocated buffer. An attacker could exploit this vulnerability to cause a denial of service via a crafted tiff file.

CPENameOperatorVersion
libtiff libtiffle4.4.0

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Related for CNVD-2022-72102

prion1 cbl_mariner2 cve1 redhatcve1 osv7 veracode1 alpinelinux1 nessus29 ubuntucve1 debiancve1 photon4 openvas16 amazon1 rocky2 oraclelinux2 redhat7 almalinux2 ibm4 cloudfoundry1 ubuntu1 debian1