Lucene search

[email protected]CVE-2022-0561

HistoryFeb 11, 2022 - 6:15 p.m.

CVE-2022-0561

2022-02-1118:15:00

CWE-476

[email protected]

web.nvd.nist.gov

155

cve-2022-0561

libtiff

vulnerability

dos

tiff file

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.1%

JSON

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

CPENameOperatorVersion
libtiff:libtifflibtiffle4.3.0
redhat:enterprise_linuxredhat enterprise linuxeq8.0
fedoraproject:fedorafedoraproject fedoraeq35
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
debian:debian_linuxdebian debian linuxeq11.0
netapp:ontap_select_deploy_administration_utilitynetapp ontap select deploy administration utilityeq-

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	le	4.3.0
redhat:enterprise_linux	redhat enterprise linux	eq	8.0
fedoraproject:fedora	fedoraproject fedora	eq	35
debian:debian_linux	debian debian linux	eq	9.0
debian:debian_linux	debian debian linux	eq	10.0
debian:debian_linux	debian debian linux	eq	11.0
netapp:ontap_select_deploy_administration_utility	netapp ontap select deploy administration utility	eq	-