6.8

CVE-2022-4645

Exploit
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version36
FedoraprojectFedora Version37
FedoraprojectFedora Version38
LibtiffLibtiff Version >= 3.5.1 <= 4.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.338
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com 6.8 2.5 4.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
Patch
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/277
Vendor Advisory
Exploit
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230331-0001/
Third Party Advisory