PT-2022-4806 · Libtiff+9

Shahchintanh@Gmail.Com · Published 2022-02-22 · Updated 2025-06-03 · CVE-2022-0891

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions: libtiff library version 4.3.0

Description: A heap buffer overflow in the ExtractImageSection function in tiffcrop.c allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file. The result can be an application crash, potential information disclosure, or another context-dependent impact.

Recommendations: For libtiff library version 4.3.0, update to a newer version that contains a fix for this issue, since processing a crafted TIFF image file could lead to an application crash or information disclosure. As a temporary workaround, restrict the use of the ExtractImageSection function in tiffcrop.c until a patch is available, and avoid using the tiffcrop.c component with untrusted TIFF image files until the issue is resolved.

Tags: Exploit · Fix · Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2022:7585
ALSA-2022:8194
ALT-PU-2022-2007
ALT-PU-2022-3428
ALT-PU-2025-7532
AZL-8968
BDU:2022-05792
CESA-2022_7585
CVE-2022-0891
DSA-5108-1
MGASA-2022-0119
OESA-2022-1594
OESA-2022-2067
OPENSUSE-SU-2022_1882-1
OPENSUSE-SU-2024:12057-1
RHSA-2022:7585
RHSA-2022:8194
RHSA-2022_7585
RHSA-2022_8194
RLSA-2022:7585
SUSE-SU-2022:1667-1
SUSE-SU-2022:1882-1
SUSE-SU-2022_1667-1
USN-5421-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libtiff