7.1
CVE-2022-0891
- EPSS 0.05%
- Published 10.03.2022 17:44:58
- Last modified 21.11.2024 06:39:36
- Source cve@gitlab.com
- Teams watchlist Login
- Open Login
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.155 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:P
|
| cve@gitlab.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.