5.5

CVE-2022-1622

Exploit
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version4.3.0
FedoraprojectFedora Version35
FedoraprojectFedora Version36
AppleiPhone OS Version < 16.0
ApplemacOS Version >= 11.0 < 11.7
ApplemacOS Version >= 12.0 < 12.6
AppletvOS Version < 16.0
ApplewatchOS Version < 9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.742
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
cve@gitlab.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/39
http://seclists.org/fulldisclosure/2022/Oct/41
Third Party Advisory
https://support.apple.com/kb/HT213446
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213486
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213487
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213488
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213443
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213444
Third Party Advisory
Release Notes
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/410
Third Party Advisory
Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/
https://security.netapp.com/advisory/ntap-20220616-0005/
Third Party Advisory