Lucene search

K
cvelistRedhatCVELIST:CVE-2022-2869
HistoryAug 17, 2022 - 12:00 a.m.

CVE-2022-2869

2022-08-1700:00:00
CWE-191
redhat
www.cve.org
3
libtiff
tiffcrop
uint32_t underflow
out of bounds read
crafted file
exploitation

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

27.8%

libtiff’s tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "libtiff",
    "versions": [
      {
        "version": "libtiff 4.4.0rc1",
        "status": "affected"
      }
    ]
  }
]