CVE-2022-40090

Опубликовано: 22 авг. 2023

Источник: debian

EPSS Низкий

Описание

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

Пакет	Статус	Версия исправления	Релиз	Тип
tiff	fixed	4.5.0-2		package
tiff	no-dsa		bullseye	package
tiff	ignored		buster	package

https://gitlab.com/libtiff/libtiff/-/issues/455
https://gitlab.com/libtiff/libtiff/-/merge_requests/386
https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1)
The specific PoC starts triggering with https://gitlab.com/libtiff/libtiff/-/commit/7db4f2b62206b9cba6cda538e0f296df0ac371bd (v4.4.0)
but the patch mentions this is an older, more general issue, requiring prior incomplete fix from:
https://gitlab.com/libtiff/libtiff/-/commit/f01c22704826d1587fb8d91b253752b13c6713ba (v4.0.10)
so let's assume versions < v4.4.0 are vulnerable.

EPSS

Процентиль: 1%

0.00012

Низкий

CVE-2022-40090

CVSS3: 6.5

ubuntu

почти 2 года назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

CVE-2022-40090

CVSS3: 6.5

redhat

почти 3 года назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

CVE-2022-40090

CVSS3: 6.5

nvd

почти 2 года назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

GHSA-279f-f7v7-h5h8

CVSS3: 6.5

github

почти 2 года назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

BDU:2023-05285

CVSS3: 6.5

fstec

почти 2 года назад

Уязвимость функции TIFFReadDirectory библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 1%

0.00012

Низкий