CVE-2022-2868

EPSS 0.02%
Published 17.08.2022 22:15:08
Last modified 21.11.2024 07:01:50
Source secalert@redhat.com
Teams watchlist Login
Open Login

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

Affected products Warnungen 0 Metrics 2 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Libtiff ≫ Libtiff Version < 4.4.0

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.debian.org/security/2023/dsa-5333

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2118863

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-2868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2868

EUVD