CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
78.6%
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
Vendor | Product | Version | CPE |
---|---|---|---|
libtiff | libtiff | * | cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* |
netapp | active_iq_unified_manager | - | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
[
{
"vendor": "libtiff",
"product": "libtiff",
"versions": [
{
"version": "<=4.4.0",
"status": "affected"
}
]
}
]
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json
gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
gitlab.com/libtiff/libtiff/-/issues/411
lists.debian.org/debian-lts-announce/2023/01/msg00018.html
security.netapp.com/advisory/ntap-20230110-0001/
www.debian.org/security/2023/dsa-5333
More
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
78.6%