Lucene search

K

Redhat.comRH:CVE-2022-1355

HistoryApr 14, 2022 - 12:56 p.m.

CVE-2022-1355

2022-04-1412:56:19

redhat.com

access.redhat.com

19

stack buffer overflow

libtiffs' tiffcp.c

denial of service

crafted tiff file

memory corruption

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

40.2%

A stack buffer overflow flaw was found in Libtiffs’ tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=2074415

nvd.nist.gov/vuln/detail/CVE-2022-1355

www.cve.org/CVERecord?id=CVE-2022-1355

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

40.2%

Related for RH:CVE-2022-1355

openvas21 ibm3 cnvd1 nessus35 veracode1 nvd1 osv7 prion1 debiancve1 ubuntucve1 cvelist1 cve1 amazon2 mageia1 fedora2 cloudfoundry1 ubuntu1 rosalinux1 redhat8 almalinux2 oraclelinux2 rocky1 gentoo1 debian2