Lucene search

K
cve[email protected]CVE-2022-2867
HistoryAug 17, 2022 - 10:15 p.m.

CVE-2022-2867

2022-08-1722:15:08
CWE-191
CWE-787
CWE-125
web.nvd.nist.gov
123
7
libtiff
tiffcrop
cve-2022-2867
security
vulnerability
exploitation

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%

libtiff’s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

Affected configurations

Vulners
NVD
Node
libtifflibtiffRange≀4.4.0
VendorProductVersionCPE
libtifflibtiff*cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "libtiff",
    "versions": [
      {
        "version": "libtiff 4.4.0rc1",
        "status": "affected"
      }
    ]
  }
]

Social References

More

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%