7.1

CVE-2022-0891

Exploit
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version >= 3.9.0 <= 4.3.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version35
FedoraprojectFedora Version36
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.54% 0.717
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:N/A:P
cve@gitlab.com 6.1 1.8 4.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.netapp.com/advisory/ntap-20221228-0008/
Third Party Advisory
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
Patch
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
Third Party Advisory
VDB Entry
https://gitlab.com/libtiff/libtiff/-/issues/380
Patch
Third Party Advisory
Exploit
Issue Tracking
https://gitlab.com/libtiff/libtiff/-/issues/382
Patch
Third Party Advisory
Exploit
Issue Tracking