CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:N/I:N/A:P

libtiff.so is vulnerable to a NULL pointer dereference. The vulnerability exists in the createImageSection function in tiffcrop.c because it does not check the return value of limitMalloc, which allows an attacker to cause an application crash by sending a crafted TIFF file.
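
The unchecked-allocation pattern described above next to a hardened form, as an added example (not libtiff's code and not the upstream patch). All names here (`limited_alloc`, `ALLOC_LIMIT`, `create_section_unchecked`, `create_section_checked`) are hypothetical, and the allocator is assumed to return NULL for requests above a cap as well as on ordinary allocation failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap standing in for a configurable allocation limit. */
#define ALLOC_LIMIT ((size_t)1 << 20)

/* Model of a limit-enforcing allocator (assumption): returns NULL for
 * oversized requests as well as on ordinary allocation failure. */
void *limited_alloc(size_t size)
{
    if (size == 0 || size > ALLOC_LIMIT)
        return NULL;
    return malloc(size);
}

/* Unchecked pattern from the advisory text: the result is used directly,
 * so a NULL return is dereferenced by memset and the process crashes. */
int create_section_unchecked(uint32_t sectsize, unsigned char **buf_ptr)
{
    unsigned char *buf = limited_alloc(sectsize);
    *buf_ptr = buf;
    memset(buf, 0, sectsize);   /* NULL dereference when buf == NULL */
    return 0;
}

/* Hardened pattern: test the return value and report failure to the caller. */
int create_section_checked(uint32_t sectsize, unsigned char **buf_ptr)
{
    unsigned char *buf;

    if (buf_ptr == NULL)
        return -1;
    buf = limited_alloc(sectsize);
    if (buf == NULL) {
        *buf_ptr = NULL;        /* never hand back a stale pointer */
        return -1;
    }
    memset(buf, 0, sectsize);
    *buf_ptr = buf;
    return 0;
}

int main(void)
{
    unsigned char *buf = NULL;
    int rc = create_section_checked(UINT32_MAX, &buf);   /* over the cap */
    return (rc == -1 && buf == NULL) ? 0 : 1;
}
```

The caller of the checked variant has to act on the -1 and stop processing the file; a checked allocation whose error is ignored upstream leaves the same crash one frame higher.
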
CPE

Name | Operator | Version |
---|---|---|
libtiff.so | eq | 5.4.0 |
libtiff.so | eq | 3.9.4 |
libtiff.so | eq | 5.7.0 |
libtiff.so | eq | 5.2.0 |
libtiff.so | le | 4.3.6 |
tiff:edge | eq | 4.2.0-r1 |
tiff:edge | eq | 4.1.0-r0 |
tiff:edge | eq | 4.3.0-r0 |
tiff:edge | eq | 4.2.0-r0 |
tiff:3.15 | eq | 4.3.0-r0 |

github.com/advisories/GHSA-6q3c-x5wm-6w9c
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc
gitlab.com/libtiff/libtiff/-/issues/392
gitlab.com/libtiff/libtiff/-/merge_requests/314
lists.fedoraproject.org/archives/list/[email protected]/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
lists.fedoraproject.org/archives/list/[email protected]/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
security.gentoo.org/glsa/202210-10
security.netapp.com/advisory/ntap-20220506-0002/
www.debian.org/security/2022/dsa-5108