CVE-2022-0891

Опубликовано: 10 мар. 2022

Источник: nvd

CVSS3: 6.1

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Ссылки

https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
Patch
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
Third Party Advisory
VDB Entry
https://gitlab.com/libtiff/libtiff/-/issues/380
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/382
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221228-0008/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
Patch
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
Third Party Advisory
VDB Entry
https://gitlab.com/libtiff/libtiff/-/issues/380
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/382
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221228-0008/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5108
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Версия от 3.9.0 (включая) до 4.3.0 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

6.1 Medium

CVSS3

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2022-0891

CVSS3: 6.1

ubuntu

почти 4 года назад

CVE-2022-0891

CVSS3: 6.1

redhat

почти 4 года назад

CVE-2022-0891

CVSS3: 7.1

msrc

почти 4 года назад

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash potential information disclosure or any other context-dependent impact

CVE-2022-0891

CVSS3: 6.1

debian

почти 4 года назад

A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...

GHSA-ppwc-w499-gfmh

CVSS3: 7.1

github

почти 4 года назад

EPSS

Процентиль: 8%

0.00029

Низкий

6.1 Medium

CVSS3

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-787