Lucene search

GitLabCVE-2022-0562

HistoryFeb 11, 2022 - 6:15 p.m.

CVE-2022-0562

2022-02-1118:15:11

CWE-476

GitLab

web.nvd.nist.gov

185

cve

2022

0562

null source pointer

memcpy

libtiff

dos

tiff file

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

49.0%

JSON

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

Affected configurations

Nvd

Vulners

Node

libtifflibtiffRange4.0.0–4.3.0

Node

fedoraprojectfedoraMatch35

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

netappontap_select_deploy_administration_utilityMatch-

VendorProductVersionCPE
libtifflibtiff*cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libtiff	libtiff	*	cpe:2.3:a:libtiff:libtiff::::::::
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*

CNA Affected

[
  {
    "vendor": "libtiff",
    "product": "libtiff",
    "versions": [
      {
        "version": ">=4.0, <=4.3.0",
        "status": "affected"
      }
    ]
  }
]