Lucene search

Redhat.comRH:CVE-2022-22844

HistoryJan 19, 2022 - 7:52 p.m.

CVE-2022-22844

2022-01-1919:52:40

redhat.com

access.redhat.com

cve-2022-22844

buffer overflow

libtiff

memcpy function

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.3%

JSON

A buffer overflow vulnerability was found in libtiff. This flaw allows an attacker with network access to pass specially crafted files, causing an application to halt or crash. The root cause of this issue was from the memcpy function in tif_unix.c.

References

bugzilla.redhat.com/show_bug.cgi?id=2042603

nvd.nist.gov/vuln/detail/CVE-2022-22844

www.cve.org/CVERecord?id=CVE-2022-22844

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.3%

JSON

Related for RH:CVE-2022-22844