CVE-2022-3599 (Medium) detected in multiple libraries

[mend-bolt-for-github[bot]]

CVE-2022-3599 - Medium Severity Vulnerability

Vulnerable Libraries - external_pdfiumtinker_edge_r-android9-1.0.2, external_pdfiumtinker_edge_r-android9-1.0.2, external_pdfiumtinker_edge_r-android9-1.0.2, external_pdfiumtinker_edge_r-android9-1.0.2

Vulnerability Details

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

Publish Date: 2022-10-21

URL: CVE-2022-3599

CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.