5.5

CVE-2022-0924

Exploit
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version4.3.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version35
FedoraprojectFedora Version36
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.33% 0.673
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
cve@gitlab.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.netapp.com/advisory/ntap-20220506-0002/
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/278
Third Party Advisory
Exploit
https://gitlab.com/libtiff/libtiff/-/merge_requests/311
Patch
Third Party Advisory