CVE-2022-1355
31.08.2022, 16:15
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.Enginsight
| Vendor | Product | Version |
|---|---|---|
| libtiff | libtiff | 𝑥 < 4.4.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
References