Lucene search

[email protected]CVE-2022-0865

HistoryMar 10, 2022 - 5:44 p.m.

CVE-2022-0865

2022-03-1017:44:00

CWE-617

[email protected]

web.nvd.nist.gov

156

cve-2022-0865

reachable assertion

denial-of-service

tiffcp

libtiff 4.3.0

nvd

vulnerability

security

crafted tiff file

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

69.5%

JSON

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

CPENameOperatorVersion
libtiff:libtifflibtiffeq4.3.0
debian:debian_linuxdebian debian linuxeq10.0
debian:debian_linuxdebian debian linuxeq11.0
fedoraproject:fedorafedoraproject fedoraeq36
netapp:active_iq_unified_managernetapp active iq unified managereq-

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	4.3.0
debian:debian_linux	debian debian linux	eq	10.0
debian:debian_linux	debian debian linux	eq	11.0
fedoraproject:fedora	fedoraproject fedora	eq	36
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	-