Lucene search

K

GoogleOSV:CVE-2022-1354

HistoryAug 31, 2022 - 4:15 p.m.

CVE-2022-1354

2022-08-3116:15:09

Google

osv.dev

10

cve-2022-1354

libtiffs

tiffreadrawdatastriped

denial of service

software

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

38.5%

A heap buffer overflow flaw was found in Libtiffs’ tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

References

access.redhat.com/security/cve/CVE-2022-1354

bugzilla.redhat.com/show_bug.cgi?id=2074404

gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798

gitlab.com/libtiff/libtiff/-/issues/319

lists.debian.org/debian-lts-announce/2023/01/msg00018.html

security.gentoo.org/glsa/202210-10

security.netapp.com/advisory/ntap-20221014-0007/

www.debian.org/security/2023/dsa-5333

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

38.5%

Related for OSV:CVE-2022-1354

veracode1 nessus22 ubuntucve1 openvas14 cve1 redhatcve1 debiancve1 cvelist1 prion1 cnvd1 nvd1 mageia1 fedora2 cloudfoundry1 osv4 ubuntu1 ibm1 redhat1 oraclelinux1 almalinux1 gentoo1 debian2