Lucene search

K
osvGoogleOSV:USN-5743-2
HistoryDec 01, 2022 - 4:21 p.m.

tiff vulnerability

2022-12-0116:21:13
Google
osv.dev
6
libtiff
ubuntu
vulnerability
denial of service
arbitrary code
remote attacker
user privileges

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.3%

USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the
corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 22.10.

Original advisory details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.3%