Lucene search

[email protected]CVE-2022-34526

HistoryJul 29, 2022 - 11:15 p.m.

CVE-2022-34526

2022-07-2923:15:00

CWE-787

[email protected]

web.nvd.nist.gov

112

cve-2022-34526

stack overflow

_tiffvgetfield

tiffsplit v4.4.0

dos

tiff file

tiffsplit

tiffcrop

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.7%

JSON

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the “tiffsplit” or “tiffcrop” utilities.

CPENameOperatorVersion
libtiff:libtifflibtiffeq4.4.0
fedoraproject:fedorafedoraproject fedoraeq36
netapp:ontap_select_deploy_administration_utilitynetapp ontap select deploy administration utilityeq-
netapp:active_iq_unified_managernetapp active iq unified managereq-
debian:debian_linuxdebian debian linuxeq10.0
debian:debian_linuxdebian debian linuxeq11.0

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	4.4.0
fedoraproject:fedora	fedoraproject fedora	eq	36
netapp:ontap_select_deploy_administration_utility	netapp ontap select deploy administration utility	eq	-
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	-
debian:debian_linux	debian debian linux	eq	10.0
debian:debian_linux	debian debian linux	eq	11.0