Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-2869

Опубликовано: 17 авг. 2022
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 5.5

Описание

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

РелизСтатусПримечание
bionic

released

4.0.9-5ubuntu0.8
devel

not-affected

4.4.0~rc1-1
esm-infra-legacy/trusty

released

4.0.3-7ubuntu0.11+esm3
esm-infra/bionic

released

4.0.9-5ubuntu0.8
esm-infra/focal

released

4.1.0+git191117-2ubuntu0.20.04.6
esm-infra/xenial

released

4.0.6-1ubuntu0.8+esm3
focal

released

4.1.0+git191117-2ubuntu0.20.04.6
jammy

released

4.3.0-6ubuntu0.2
kinetic

not-affected

4.4.0~rc1-1
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 6%
0.00025
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-2869

CVSS3: 5.5
redhat
около 4 лет назад

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

nvd логотип

CVE-2022-2869

CVSS3: 5.5
nvd
больше 3 лет назад

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

msrc логотип

CVE-2022-2869

CVSS3: 5.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-2869

CVSS3: 5.5
debian
больше 3 лет назад

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...

github логотип

GHSA-m98c-rvx4-4xmr

CVSS3: 8.8
github
больше 3 лет назад

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

EPSS

Процентиль: 6%
0.00025
Низкий

5.5 Medium

CVSS3