Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-2953
HistoryAug 29, 2022 - 3:15 p.m.

CVE-2022-2953

2022-08-2915:15:10
Debian Security Bug Tracker
security-tracker.debian.org
38
libtiff 4.4.0
out-of-bounds read
denial-of-service
crafted tiff file
libtiff from sources
commit 48d6ece8
unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.7%

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.7%