CVE-2022-34526

2022-07-2923:15:08

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.2%

JSON

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the “tiffsplit” or “tiffcrop” utilities.

CPENameOperatorVersion
libtiffeq3.7.0alpha
libtiffeq4.0.0alpha4
tiffeq4.0.1-r0
libtiffeq4.4.0
libtiffeq3.7.2
libtiffeq4.2.0
tiffeq4.0.9-r0
tiffeq4.2.0-r1
libtiffeq3.5.4
tiffeq3.8.2-r0

Name	Operator	Version
libtiff	eq	3.7.0alpha
libtiff	eq	4.0.0alpha4
tiff	eq	4.0.1-r0
libtiff	eq	4.4.0
libtiff	eq	3.7.2
libtiff	eq	4.2.0
tiff	eq	4.0.9-r0
tiff	eq	4.2.0-r1
libtiff	eq	3.5.4
tiff	eq	3.8.2-r0