CVE-2022-1355

Опубликовано: 31 авг. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

Ссылки

https://access.redhat.com/security/cve/CVE-2022-1355
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2074415
Exploit
Issue Tracking
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/400
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/323
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221014-0007/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5333
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-1355
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2074415
Exploit
Issue Tracking
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/400
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/323
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202210-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221014-0007/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5333
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Версия до 4.4.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00038

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-121

CWE-119

Связанные уязвимости

CVE-2022-1355

CVSS3: 6.1

ubuntu

почти 3 года назад

CVE-2022-1355

CVSS3: 6.6

redhat

больше 3 лет назад

CVE-2022-1355

CVSS3: 6.1

debian

почти 3 года назад

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...

GHSA-2fqh-vmvf-c822

CVSS3: 6.1

github

почти 3 года назад

BDU:2023-09082

CVSS3: 6.1

fstec

больше 3 лет назад

Уязвимость функции main() компонента tiffcp.c библиотеки LibTIFF, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 10%

0.00038

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-121

CWE-119