Vulnerabilities > CVE-2022-34526 - Out-of-bounds Write vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2022-07-29

Updated: 2023-11-07

Summary

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

Vulnerable Configurations

Part	Description	Count
Application	Libtiff Libtiff Libtiff 4.4.0	1
Application	Netapp Netapp Ontap Select Deploy Administration Utility - Netapp Active IQ Unified Manager -	2
OS	Fedoraproject Fedoraproject Fedora 36	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://gitlab.com/libtiff/libtiff/-/issues/433
https://security.netapp.com/advisory/ntap-20220930-0002/
https://gitlab.com/libtiff/libtiff/-/issues/486
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
https://www.debian.org/security/2023/dsa-5333
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/