PT-2023-1169 · Libtiff+10

A13579 · Published 2023-01-22 · Updated 2025-06-26 · CVE-2022-48281

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

LibTIFF versions through 4.5.0

Description

The issue is a heap-based buffer overflow in the processCropSelections() function in tools/tiffcrop.c of the LibTIFF library. A remote attacker can trigger it with a crafted TIFF image, potentially causing a denial of service. The overflow is an out-of-bounds write, for example a "WRITE of size 307203".

Recommendations

For LibTIFF versions through 4.5.0, consider updating to a version later than 4.5.0 to resolve the issue. As a temporary workaround, restrict the use of the processCropSelections() function in tools/tiffcrop.c until a patch is available. Avoid processing crafted TIFF images that could trigger the buffer overflow in processCropSelections().

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption


Weakness Enumeration

Related identifiers

ALSA-2023:3711
ALSA-2023:3827
ALT-PU-2025-7185
ALT-PU-2025-7532
ALT-PU-2025-8255
AZL-13151
BDU:2023-00386
CESA-2023_3827
CVE-2022-48281
DLA-3297-1
DSA-5333-1
MGASA-2023-0038
OESA-2023-1047
OPENSUSE-SU-2023_0342-1
OPENSUSE-SU-2024:12643-1
RHSA-2023:3711
RHSA-2023:3827
RHSA-2023_3711
RHSA-2023_3827
RLSA-2023:3711
RLSA-2023:3827
ROSA-SA-2025-2627
SUSE-SU-2023:0199-1
SUSE-SU-2023:0342-1
SUSE-SU-2023_0199-1
SUSE-SU-2023_0342-1
USN-5841-1
USN-6290-1

Affected products

Alt Linux
Almalinux
Astra Linux
Centos
Libtiff
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu