PT-2022-6894 · Libtiff+8

Published 2022-05-22 · Updated 2025-06-03 · CVE-2022-2519

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libtiff version 4.4.0rc1

Description

The issue is related to a double free or corruption in the rotateImage() function at tiffcrop.c:8839. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For libtiff version 4.4.0rc1, as a temporary workaround, consider disabling the rotateImage() function until a patch is available.

Exploit

Fix

Weakness Enumeration

Double Free

Related Identifiers

ALSA-2023:0095
ALSA-2023:0302
ALT-PU-2022-3360
ALT-PU-2022-3428
ALT-PU-2025-7532
BDU:2023-05418
CESA-2023_0095
CVE-2022-2519
DSA-5333-1
MGASA-2022-0410
OESA-2022-1917
OPENSUSE-SU-2022_3690-1
OPENSUSE-SU-2024:12420-1
RHSA-2023:0095
RHSA-2023:0302
RHSA-2023_0095
RHSA-2023_0302
RLSA-2023:0095
RLSA-2023:0302
SUSE-SU-2022:3679-1
SUSE-SU-2022:3690-1
USN-5714-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libtiff