CVE-2022-1354

Опубликовано: 12 апр. 2022

Источник: redhat

CVSS3: 5.5

Описание

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

Отчет

In order to successfully exploit this vulberability, the attacker needs to create a specially crafted TIFF file designed to exploit the buffer overflow in the TIFFReadRawDataStriped() function. The attacker must then convince or trick a user into processing the malicious TIFF file using the tiffinfo tool. Considering the high bar of prerequisites for successful exploitation, RH ProdSec has set the Impact of this vulnerability to "Low"

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libtiff	Not affected
Red Hat Enterprise Linux 7	compat-libtiff3	Not affected
Red Hat Enterprise Linux 7	libtiff	Not affected
Red Hat Enterprise Linux 8	compat-libtiff3	Not affected
Red Hat Enterprise Linux 8	libtiff	Fix deferred
Red Hat Enterprise Linux 9	libtiff	Fixed	RHSA-2022:8194	15.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2074404libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-1354

CVSS3: 5.5

ubuntu

почти 3 года назад

CVE-2022-1354

CVSS3: 5.5

nvd

почти 3 года назад

CVE-2022-1354

CVSS3: 5.5

debian

почти 3 года назад

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...

GHSA-8g2j-v7wm-mhv5

CVSS3: 5.5

github

почти 3 года назад

BDU:2024-07309

CVSS3: 5.5

fstec

больше 3 лет назад

Уязвимость функции TIFFReadRawDataStriped() компонента tiffinfo.c библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3