5.5

CVE-2022-1622

Exploit

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Data is provided by the National Vulnerability Database (NVD)
LibtiffLibtiff Version4.3.0
FedoraprojectFedora Version35
FedoraprojectFedora Version36
AppleiPhone OS Version < 16.0
ApplemacOS Version >= 11.0 < 11.7
ApplemacOS Version >= 12.0 < 12.6
AppletvOS Version < 16.0
ApplewatchOS Version < 9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.261
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
cve@gitlab.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://support.apple.com/kb/HT213446
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213486
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213487
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213488
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213443
Third Party Advisory
Release Notes
https://support.apple.com/kb/HT213444
Third Party Advisory
Release Notes