CVE-2022-26470 An out of bounds write could lead to local escalation of privilege with System privileges. User interaction is not needed for exploitation.

An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036. An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036. An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036. An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of

Introduction

The vulnerability CVE-2022-26470 is a stack-based buffer overflow in the function tiff_getbufsize of libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036.
The vulnerability CVE-2022-26470 is a stack-based buffer overflow in the function tiff_getbufsize of libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036

Timeline

Published on: 09/06/2022 18:15:00 UTC
Last modified on: 09/09/2022 02:24:00 UTC

References

• https://corp.mediatek.com/product-security-bulletin/September-2022
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26470