Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-4645

Опубликовано: 01 мар. 2023
Источник: redhat
CVSS3: 5.6
EPSS Низкий

Описание

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.

Отчет

libtiff is a general purpose library to manipulate TIFF images. The library itself is not used directly, it's used via another application linked with the library, which means this issue can only be triggered by an application processing untrusted images. Therefore, if there is no way an attacker can provide a crafted image to an application, it's likely not possible to exploit this CVE.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libtiffOut of support scope
Red Hat Enterprise Linux 7compat-libtiff3Out of support scope
Red Hat Enterprise Linux 7libtiffOut of support scope
Red Hat Enterprise Linux 8compat-libtiff3Will not fix
Red Hat Enterprise Linux 8libtiffFixedRHSA-2024:305922.05.2024
Red Hat Enterprise Linux 9libtiffFixedRHSA-2023:234009.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2176220libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c

EPSS

Процентиль: 1%
0.0001
Низкий

5.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-4645

CVSS3: 6.8
ubuntu
больше 2 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

nvd логотип

CVE-2022-4645

CVSS3: 6.8
nvd
больше 2 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

msrc логотип

CVE-2022-4645

CVSS3: 5.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2022-4645

CVSS3: 6.8
debian
больше 2 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...

rocky логотип

RLSA-2024:3059

rocky
около 1 года назад

Moderate: libtiff security update

EPSS

Процентиль: 1%
0.0001
Низкий

5.6 Medium

CVSS3