CVE-2022-1210Uncontrolled Resource Consumption in Libtiff

CWE-400Uncontrolled Resource ConsumptionCWE-404Improper Resource Shutdown or Release40 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 84.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LibtiffDebian TiffMsrc Cbl2 Libtiff 4.4.0-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedApr 3
Latest updateJun 14

Description

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDlibtiff/libtiff4.3.0
debiandebian/tiff

🔴Vulnerability Details

2
GHSA
GHSA-3h6x-gjf3-36gg: A vulnerability classified as problematic was found in LibTIFF 42022-04-04
OSV
CVE-2022-1210: A vulnerability classified as problematic was found in LibTIFF 42022-04-03

💥Exploits & PoCs

2
Exploit-DB
Avantune Genialcloud ProJ 10 - Cross-Site Scripting (XSS)2022-06-14
Exploit-DB
PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)2022-05-11

📋Vendor Advisories

35
Microsoft
Chromium: CVE-2022-1638 Heap buffer overflow in V8 Internationalization2022-05-10
Microsoft
Chromium: CVE-2022-1634 Use after free in Browser UI2022-05-10
Microsoft
Chromium: CVE-2022-1635 Use after free in Permission Prompts2022-05-10
Microsoft
Chromium: CVE-2022-1639 Use after free in ANGLE2022-05-10
Microsoft
Chromium: CVE-2022-1640 Use after free in Sharing2022-05-10