Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-40090

Опубликовано: 22 авг. 2022
Источник: redhat
CVSS3: 6.5

Описание

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.

Меры по смягчению последствий

Applications that do not parse files from untrusted or malicious sources will not be affected by this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libtiffOut of support scope
Red Hat Enterprise Linux 7compat-libtiff3Out of support scope
Red Hat Enterprise Linux 7libtiffOut of support scope
Red Hat Enterprise Linux 8compat-libtiff3Will not fix
Red Hat Enterprise Linux 8libtiffWill not fix
Red Hat Enterprise Linux 9libtiffFixedRHSA-2024:228930.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2234970libtiff: infinite loop via a crafted TIFF file

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-40090

CVSS3: 6.5
ubuntu
больше 2 лет назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

nvd логотип

CVE-2022-40090

CVSS3: 6.5
nvd
больше 2 лет назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

debian логотип

CVE-2022-40090

CVSS3: 6.5
debian
больше 2 лет назад

An issue was discovered in function TIFFReadDirectory libtiff before 4 ...

github логотип

GHSA-279f-f7v7-h5h8

CVSS3: 6.5
github
больше 2 лет назад

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

fstec логотип

BDU:2023-05285

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость функции TIFFReadDirectory библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании

6.5 Medium

CVSS3