CVE-2022-48281

Опубликовано: 23 янв. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.5

Описание

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

Релиз	Статус	Примечание
bionic	DNE
esm-infra/focal	DNE
focal	DNE
jammy	DNE
kinetic	DNE
trusty	ignored	end of standard support
upstream	needs-triage
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	4.5.0-6ubuntu1
esm-infra-legacy/trusty	released	4.0.3-7ubuntu0.11+esm6
esm-infra/bionic	released	4.0.9-5ubuntu0.10+esm2
esm-infra/focal	released	4.1.0+git191117-2ubuntu0.20.04.9
esm-infra/xenial	released	4.0.6-1ubuntu0.8+esm9
focal	released	4.1.0+git191117-2ubuntu0.20.04.9
jammy	released	4.3.0-6ubuntu0.5
kinetic	ignored	end of life, was needed
lunar	not-affected	4.5.0-5ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 1%

0.00008

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-48281

CVSS3: 5.5

redhat

почти 3 года назад

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

CVE-2022-48281

CVSS3: 5.5

nvd

почти 3 года назад

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

CVE-2022-48281

CVSS3: 5.5

msrc

почти 3 года назад

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g. "WRITE of size 307203") via a crafted TIFF image.

CVE-2022-48281

CVSS3: 5.5

debian

почти 3 года назад

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has ...

SUSE-SU-2023:0342-1

suse-cvrf

почти 3 года назад

Security update for tiff

EPSS

Процентиль: 1%

0.00008

Низкий

5.5 Medium

CVSS3

CVE-2022-48281

Описание

Пакет libtiff

Пакет tiff

Ссылки на источники

Связанные уязвимости