Lucene search

K

[email protected]NVD:CVE-2022-2867

HistoryAug 17, 2022 - 10:15 p.m.

CVE-2022-2867

2022-08-1722:15:08

CWE-125

CWE-787

CWE-191

[email protected]

web.nvd.nist.gov

5

libtiff

tiffcrop

underflow vulnerability

crafted file

out of bounds

exploitation

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

27.8%

libtiff’s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

Affected configurations

Nvd

Node

libtifflibtiffRange<4.4.0

Node

fedoraprojectfedoraMatch35

OR

fedoraprojectfedoraMatch36

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

References

bugzilla.redhat.com/show_bug.cgi?id=2118847

lists.debian.org/debian-lts-announce/2023/01/msg00018.html

www.debian.org/security/2023/dsa-5333

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

27.8%

Related for NVD:CVE-2022-2867