Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2022-34526

Published: 29/07/2022 Updated: 07/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Libtiff

Vulnerability Summary

A stack overflow exists in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff 4.4.0

fedoraproject fedora 36

netapp ontap select deploy administration utility -

netapp active iq unified manager -

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Ubuntu Security Notice: USN-5714-1: LibTIFF vulnerabilities
Several security issues were fixed in LibTIFF ...
Debian Security Advisories: DSA-5333-1 tiff -- security update
Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image For the stable distribution (bullseye), these problems have been fixed in version 420-1+deb11u3 We recommend that ...
Red Hat:
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v440 This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-2842 libtiff 440-1 Unknown Unknown ...
Amazon Linux 2022: ALAS2022-2022-194
A divide-by-zero vulnerability was found in libtiff This flaw allows an attacker to cause a denial of service via a crafted tiff file (CVE-2022-2056) A divide-by-zero vulnerability was found in libtiff This flaw allows an attacker to cause a denial of service via a crafted tiff file (CVE-2022-2057) A divide-by-zero vulnerability was found in li ...

References

CWE-787https://gitlab.com/libtiff/libtiff/-/issues/433https://security.netapp.com/advisory/ntap-20220930-0002/https://gitlab.com/libtiff/libtiff/-/issues/486https://lists.debian.org/debian-lts-announce/2023/01/msg00018.htmlhttps://www.debian.org/security/2023/dsa-5333https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/https://ubuntu.com/security/notices/USN-5714-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook