CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

Metric | Value |
---|---|
Percentile | 59.1% |

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16
function in jfdctint.c.
Author | Note |
---|---|
mdeslaur | as of 2022-03-04, no upstream fix |
ccdm94 | as of 2022-11-24, no upstream fix is available. A comment has been made in the issue bug requesting that the issue be closed given that for ijg-libjpeg versions after 9c the vulnerability seems to not be reproducible with the provided PoC file. A discussion on whether this is a libtiff issue or a libjpeg issue can be seen in a few comments in the bug report. The vulnerability also does not reproduce in xenial nor does it reproduce in kinetic. |