Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-2520HistoryAug 31, 2022 - 4:15 p.m.
CVE-2022-2520
2022-08-3116:15:11
Alpine Linux Development Team
security.alpinelinux.org
9
libtiff 4.4.0rc1
sysmalloc assertion
rotateimage
tiffcrop.c
program crash
crafted input
unix
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.1%
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | tiff | < 4.4.0-r1 | UNKNOWN |
| Alpine | 3.15-main | noarch | tiff | < 4.4.0-r3 | UNKNOWN |
| Alpine | 3.16-main | noarch | tiff | < 4.4.0-r3 | UNKNOWN |
| Alpine | 3.17-main | noarch | tiff | < 4.4.0-r1 | UNKNOWN |
| Alpine | 3.18-main | noarch | tiff | < 4.4.0-r1 | UNKNOWN |
| Alpine | 3.19-main | noarch | tiff | < 4.4.0-r1 | UNKNOWN |
| Alpine | 3.20-main | noarch | tiff | < 4.4.0-r1 | UNKNOWN |
Related
nvd
nvd
CVE-2022-2520
2022-08-31 16:15:11
osv
osv
CVE-2022-2520
2022-08-31 16:15:11
Moderate: libtiff security update
2023-01-23 14:29:57
Moderate: libtiff security update
2023-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2022-2520
2022-08-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-01 05:51:24
debiancve
debiancve
CVE-2022-2520
2022-08-31 16:15:11
redhatcve
redhatcve
CVE-2022-2520
2022-08-30 20:15:43
cve
cve
CVE-2022-2520
2022-08-31 16:15:11
cnvd
cnvd
prion
prion
Input validation
2022-08-31 16:15:00
cvelist
cvelist
CVE-2022-2520
2022-08-31 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0410)
2022-11-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3679-1)
2022-10-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3690-1)
2022-10-24 00:00:00
nessus
nessus
Amazon Linux 2 : libtiff (ALAS-2023-2212)
2023-08-23 00:00:00
CentOS 9 : libtiff-4.4.0-5.el9
2024-02-29 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-11-08 22:44:28
amazon
amazon
Medium: libtiff
2023-08-17 11:58:00
oraclelinux
oraclelinux
libtiff security update
2023-01-24 00:00:00
libtiff security update
2023-01-12 00:00:00
rocky
rocky
libtiff security update
2023-01-23 14:29:57
libtiff security update
2023-01-12 08:25:25
almalinux
almalinux
Moderate: libtiff security update
2023-01-23 00:00:00
Moderate: libtiff security update
2023-01-12 00:00:00
redhat
redhat
(RHSA-2023:0302) Moderate: libtiff security update
2023-01-23 14:29:57
(RHSA-2023:0095) Moderate: libtiff security update
2023-01-12 08:25:25
ibm
ibm
suse
suse
Security update for tiff (important)
2022-10-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.4.0-alt2
2022-12-27 00:00:00
cloudfoundry
cloudfoundry
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-11-08 00:00:00
debian
debian
[SECURITY] [DSA 5333-1] tiff security update
2023-01-29 12:55:02
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.1%
Related for ALPINE:CVE-2022-2520