Lucene search

Gentoo FoundationMGASA-2023-0113

HistoryMar 24, 2023 - 8:55 a.m.

Updated libtiff packages fix security vulnerability

2023-03-2408:55:49

Gentoo Foundation

advisories.mageia.org

libtiff

security vulnerability

out-of-bounds read

denial-of-service

tiff file

unix

cve-2022-4645

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.001

Percentile

20.9%

JSON

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-4645)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlibtiff< 4.2.0-1.15libtiff-4.2.0-1.15.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	libtiff	< 4.2.0-1.15	libtiff-4.2.0-1.15.mga8

References

bugs.mageia.org/show_bug.cgi?id=31668

lists.fedoraproject.org/archives/list/[email protected]/thread/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.001

Percentile

20.9%

JSON

Related for MGASA-2023-0113