Msrc Cbl2 Libtiff 4.5.0-1 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_libtiff_4.5.0-1_on_cbl_mariner_2.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-4645MEDIUMCVSS 5.52023-03-14
CVE-2022-4645 [MEDIUM] CWE-125 LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit e8131125. FAQ: Is Azure Linux the only Micros
msrc
CVE-2022-2868MEDIUMCVSS 5.52022-08-09
CVE-2022-2868 [MEDIUM] CWE-1284 libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library a
msrc
CVE-2022-2867MEDIUMCVSS 5.52022-08-09
CVE-2022-2867 [MEDIUM] CWE-191 libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases furth
msrc
CVE-2022-2869MEDIUMCVSS 5.52022-08-09
CVE-2022-2869 [MEDIUM] CWE-191 libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw most likely by tricking a user into opening the crafted f
msrc