CVE-2022-2868

EPSS 0.02%
Veröffentlicht 17.08.2022 22:15:08
Zuletzt bearbeitet 21.11.2024 07:01:50
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libtiff ≫ Libtiff Version < 4.4.0

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.debian.org/security/2023/dsa-5333

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2118863

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-2868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2868

EUVD