CVE-2022-3570

2022-10-2116:15:10

CWE-787

[email protected]

web.nvd.nist.gov

112

cve-2022-3570

tiffcrop.c

libtiff

buffer overflows

memory access

application crash

information disclosure

nvd

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Affected configurations

NVD

Node

libtifflibtiffRange3.9.0–4.4.0

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

CPENameOperatorVersion
libtiff:libtifflibtiffle4.4.0

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	le	4.4.0

CNA Affected

[
  {
    "vendor": "libtiff",
    "product": "libtiff",
    "versions": [
      {
        "version": ">=3.9.0, <=4.4.0",
        "status": "affected"
      }
    ]
  }
]