Lucene search

Redhat.comRH:CVE-2022-32323

HistoryJul 15, 2022 - 7:35 a.m.

CVE-2022-32323

2022-07-1507:35:18

redhat.com

access.redhat.com

buffer overflow

autotrace

bmp image

arbitrary code execution

application crash

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

30.1%

JSON

A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash.

References

bugzilla.redhat.com/show_bug.cgi?id=2107471

nvd.nist.gov/vuln/detail/CVE-2022-32323

www.cve.org/CVERecord?id=CVE-2022-32323

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

30.1%

JSON

Related for RH:CVE-2022-32323