Lucene search

[email protected]CVE-2022-0924

HistoryMar 11, 2022 - 6:15 p.m.

CVE-2022-0924

2022-03-1118:15:00

CWE-125

[email protected]

web.nvd.nist.gov

164

cve-2022-0924

out-of-bounds read

tiffcp

libtiff

denial-of-service

crafted tiff file

nvd

security vulnerability

fix

408976c4

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

51.7%

JSON

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

CPENameOperatorVersion
libtiff:libtifflibtiffeq4.3.0
debian:debian_linuxdebian debian linuxeq10.0
debian:debian_linuxdebian debian linuxeq11.0
fedoraproject:fedorafedoraproject fedoraeq35
fedoraproject:fedorafedoraproject fedoraeq36
netapp:ontap_select_deploy_administration_utilitynetapp ontap select deploy administration utilityeq-

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	4.3.0
debian:debian_linux	debian debian linux	eq	10.0
debian:debian_linux	debian debian linux	eq	11.0
fedoraproject:fedora	fedoraproject fedora	eq	35
fedoraproject:fedora	fedoraproject fedora	eq	36
netapp:ontap_select_deploy_administration_utility	netapp ontap select deploy administration utility	eq	-