CVE-2022-2867

Опубликовано: 21 дек. 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

A flaw was found in libtiff's tiffcrop utility that has a uint32_t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters)to cause a crash or, in some cases, further exploitation.

Отчет

This flaw has been rated as a Moderate because it is present in the tiffcrop utility rather than the libtiff library itself.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libtiff	Out of support scope
Red Hat Enterprise Linux 7	compat-libtiff3	Out of support scope
Red Hat Enterprise Linux 7	libtiff	Out of support scope
Red Hat Enterprise Linux 8	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 9	libtiff	Not affected
Red Hat Enterprise Linux 8	libtiff	Fixed	RHSA-2023:0095	12.01.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-191->CWE-125

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2118847libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c

EPSS

Процентиль: 1%

0.00011

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-2867

CVSS3: 5.5

ubuntu

почти 3 года назад

CVE-2022-2867

CVSS3: 5.5

nvd

почти 3 года назад

CVE-2022-2867

CVSS3: 5.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-2867

CVSS3: 5.5

debian

почти 3 года назад

libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...

GHSA-ww36-qxj8-93p2

CVSS3: 8.8

github

почти 3 года назад

EPSS

Процентиль: 1%

0.00011

Низкий

5.5 Medium

CVSS3