CVE-2022-0865

Опубликовано: 10 мар. 2022

Источник: nvd

CVSS3: 5.5

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
Third Party Advisory
VDB Entry
https://gitlab.com/libtiff/libtiff/-/issues/385
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/306
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221228-0008/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
Third Party Advisory
VDB Entry
https://gitlab.com/libtiff/libtiff/-/issues/385
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/306
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221228-0008/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libtiff:libtiff:4.3.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.5 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-617

Связанные уязвимости

CVE-2022-0865

CVSS3: 5.5

ubuntu

почти 4 года назад

CVE-2022-0865

CVSS3: 6.2

redhat

почти 4 года назад

CVE-2022-0865

CVSS3: 6.5

msrc

почти 4 года назад

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 5e180045.

CVE-2022-0865

CVSS3: 5.5

debian

почти 4 года назад

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cau ...

GHSA-6x45-qmh6-q92p

CVSS3: 6.5

github

почти 4 года назад

EPSS

Процентиль: 8%

0.0003

Низкий

5.5 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-617