CVE-2022-2867

Public on 2022-08-17

Modified on 2024-01-27

Description

A flaw was found in libtiffs tiffcrop utility that has a uint32_t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop to cause a crash or, in some cases, further exploitation.

Severity

Important

See what this means

CVSS v3 Base Score

8.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	libtiff	2022-12-01 17:33	ALAS-2022-1647
Amazon Linux 2 - Core	libtiff	2022-10-31 19:40	ALAS2-2022-1872

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2022-2867 Mitre: CVE-2022-2867 FAQs regarding Amazon Linux ALAS/CVE Severity