CVE-2022-0891

Description

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

5.8

VectorString

AV:N/AC:M/Au:N/C:P/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE