Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-2521

Опубликовано: 31 авг. 2022
Источник: debian
EPSS Низкий

Описание

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tifffixed4.4.0-6package

Примечания

  • https://gitlab.com/libtiff/libtiff/-/issues/422

  • https://gitlab.com/libtiff/libtiff/-/merge_requests/378

  • https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf

  • https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba

  • Crash in CLI tool, no security impact

EPSS

Процентиль: 25%
0.00081
Низкий

Связанные уязвимости

CVSS3: 6.5
ubuntu
почти 3 года назад

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

CVSS3: 6.5
redhat
около 3 лет назад

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

CVSS3: 6.5
nvd
почти 3 года назад

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

CVSS3: 6.5
github
почти 3 года назад

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

CVSS3: 6.5
fstec
почти 3 года назад

Уязвимость функции tiffclose() библиотеки libtiff , связанная с некорректной обработкой жестких ссылок, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.00081
Низкий