CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score: 8 High
Confidence: High
CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.006 Low
Percentile: 78.8%
Software: libtiff 4.0.9
OS: ROSA Virtualization 2.1
package_evr_string: libtiff-4.0.9-28.rv3.src.rpm
CVE-ID: CVE-2022-0561
BDU-ID: 2022-05790
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the TIFFFetchStripThing() function of the tif_dirread.c component of the LibTIFF library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted TIFF file
CVE-STATUS: Fixed
CVE-REV: To close, run yum update libtiff
CVE-ID: CVE-2022-0562
BDU-ID: 2022-05758
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the TIFFReadDirectory() function of the tif_dirread.c component of the LibTIFF library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted TIFF file
CVE-STATUS: Fixed
CVE-REV: To close, run yum update libtiff
CVE-ID: CVE-2022-0891
BDU-ID: 2022-05792
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ExtractImageSection function of the tiffcrop.c component of the LibTIFF library is related to writing beyond buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data and cause a denial of service using a specially crafted TIFF image
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libtiff command
CVE-ID: CVE-2022-1355
BDU-ID: 2023-09082
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the main() function of the tiffcp.c component of the LibTIFF library is related to a buffer overflow on the stack. Exploitation of the vulnerability could allow an attacker to compromise data integrity as well as cause a denial of service with a specially crafted TIFF file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libtiff command
CVE-ID: CVE-2022-2867
BDU-ID: 2023-05415
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the tiffcrop utility of the libtiff library is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command
CVE-ID: CVE-2022-2868
BDU-ID: 2023-05420
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability exists in the tiffcrop utility due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command
CVE-ID: CVE-2022-2869
BDU-ID: 2023-05416
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the tiffcrop utility of the libtiff library is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command
CVE-ID: CVE-2022-3970
BDU-ID: 2022-06974
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the TIFFReadRGBATileExt() function (libtiff/tif_getimage.c) of the LibTIFF library involves an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command