CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2867 – libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-2867
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. La utilidad tiffcrop de libtiff presenta un desbordamiento de uint32_t que puede conllevar a una lectura y escritura fuera de límites. Un atacante que suministre un archivo diseñado a tiffcrop (probablemente por medio de engañar a un usuario para que ejecute tiffcrop en él con determinados parámetros) podría causar un bloqueo o, en algunos casos, una explotación adicional. A flaw was found in libtiff's tiffcrop utility that has a uint32_t underflow that can lead to an out-of-bounds read and write. • https://bugzilla.redhat.com/show_bug.cgi?id=2118847 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-2867 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2868 – libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()
https://notcve.org/view.php?id=CVE-2022-2868
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. La utilidad tiffcrop de libtiff presenta un fallo de comprobación de entrada inapropiada que puede conllevar a una lectura fuera de límites y, en última instancia, causar un fallo si un atacante es capaz de suministrar un archivo diseñado a tiffcrop. An improper input validation flaw was found in libtiff's tiffcrop utility. This issue can lead to an out-of-bounds read and cause a crash if an attacker can supply a crafted file to tiffcrop. • https://bugzilla.redhat.com/show_bug.cgi?id=2118863 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-2868 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2869 – libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()
https://notcve.org/view.php?id=CVE-2022-2869
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. La herramienta tiffcrop de libtiff presenta un desbordamiento de uint32_t que conlleva a una lectura y escritura fuera de límites en la rutina extractContigSamples8bits. Un atacante que suministre un archivo diseñado a tiffcrop podría desencadenar este fallo, probablemente engañando a un usuario para que abra el archivo diseñado con tiffcrop. • https://bugzilla.redhat.com/show_bug.cgi?id=2118869 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-2869 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34266
https://notcve.org/view.php?id=CVE-2022-34266
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. El paquete libtiff versión 4.0.3-35.amzn2.0.1 para LibTIFF en Amazon Linux 2 permite a los atacantes causar una denegación de servicio (bloqueo de la aplicación), una vulnerabilidad diferente a CVE-2022-0562. Cuando es procesado un archivo TIFF malicioso, puede pasarse un rango no válido como argumento a la función memset() dentro de TIFFFetchStripThing() en tif_dirread.c. • https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html https://bugs.gentoo.org/859433 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0908 – tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
https://notcve.org/view.php?id=CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Un puntero fuente Null pasado como argumento a la función memcpy() dentro de la función TIFFFetchNormalTag () en el archivo tif_dirread.c en libtiff versiones hasta 4.3.0, podría conllevar a una Denegación de Servicio por medio de un archivo TIFF diseñado A flaw was found in LibTIFF where a NULL source pointer passed as an argument to the memcpy() function within the TIFFFetchNormalTag() in tif_dirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85 https://gitlab.com/libtiff/libtiff/-/issues/383 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2 https://security.gentoo.org/glsa/202210-10 https://security.net • CWE-476: NULL Pointer Dereference •