CVE CyberSecurity Database News

CVE-2022-26470 An out of bounds write could lead to local escalation of privilege with System privileges. User interaction is not needed for exploitation.

Poster -

An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036. An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036. An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036. An out of bounds read was found in libtiff/tiffio.c. This could lead to information disclosure or denial of

Introduction

The vulnerability CVE-2022-26470 is a stack-based buffer overflow in the function tiff_getbufsize of libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036.
The vulnerability CVE-2022-26470 is a stack-based buffer overflow in the function tiff_getbufsize of libtiff/tiffio.c. This could lead to information disclosure or denial of service. An attacker could create a specially-crafted image file that could lead to information disclosure or denial of service. Specially-crafted image files could be used to run remote code on a user’s computer. Patch ID: ALPS07116036; Issue ID: ALPS07116036

Timeline

Published on: 09/06/2022 18:15:00 UTC
Last modified on: 09/09/2022 02:24:00 UTC

References