Lucene search

K
cvelistRedhatCVELIST:CVE-2022-2867
HistoryAug 17, 2022 - 12:00 a.m.

CVE-2022-2867

2022-08-1700:00:00
CWE-191
redhat
www.cve.org
1
libtiff
tiffcrop
uint32_t
underflow
out of bounds
read
write

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

27.8%

libtiff’s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "libtiff",
    "versions": [
      {
        "version": "libtiff 4.4.0rc1",
        "status": "affected"
      }
    ]
  }
]