Lucene search

K

[email protected]NVD:CVE-2022-3626

HistoryOct 21, 2022 - 4:15 p.m.

CVE-2022-3626

2022-10-2116:15:11

CWE-787

[email protected]

web.nvd.nist.gov

libtiff

out-of-bounds write

denial-of-service

crafted tiff file

source compile

commit 236b7191

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.7%

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

Affected configurations

NVD

Node

libtifflibtiffRange≤4.4.0

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

Node

debiandebian_linuxMatch10.0

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json

gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

gitlab.com/libtiff/libtiff/-/issues/426

lists.debian.org/debian-lts-announce/2023/01/msg00018.html

security.netapp.com/advisory/ntap-20230110-0001/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.7%

Related for NVD:CVE-2022-3626

veracode1 ubuntucve1 prion1 cbl_mariner2 cnvd1 osv5 alpinelinux1 cvelist1 debiancve1 cve1 redhatcve1 mageia1 openvas23 nessus28 photon4 amazon1 almalinux1 oraclelinux1 redhat1 altlinux1 cloudfoundry1 ubuntu1 debian1