PRIOn knowledge base: PRION:CVE-2022-2869
History: Aug 17, 2022 - 10:15 p.m.

Out-of-bounds

2022-08-17 22:15:00
PRIOn knowledge base
www.prio-n.com
Keywords: libtiff tiffcrop uint32_t underflow, out-of-bounds read, out-of-bounds write, extractcontigsamples8bits, crafted file, user interaction, crash, exploitation

AI Score: 5.8 (Confidence: High)

EPSS: 0.001 (Percentile: 27.8%)

libtiff’s tiffcrop tool has a uint32_t underflow that leads to an out-of-bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.