PT-2023-1169 · Libtiff+10

A13579 · Published 2023-01-22 · Updated 2025-06-26 · CVE-2022-48281

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: LibTIFF versions through 4.5.0

Description: A heap-based buffer overflow exists in the processCropSelections() function in the tools/tiffcrop.c file of the LibTIFF library. A remote attacker can exploit it via a crafted TIFF image, potentially leading to a denial of service. The overflow is an out-of-bounds heap write, as seen in the example of a "WRITE of size 307203".

Recommendations: For LibTIFF versions through 4.5.0, consider updating to a version later than 4.5.0 to resolve the issue. As a temporary workaround, restrict the use of the processCropSelections() function in the tools/tiffcrop.c file until a patch is available. Avoid processing crafted TIFF images that could trigger the buffer overflow in the processCropSelections() function.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:3711
ALSA-2023:3827
ALT-PU-2025-7185
ALT-PU-2025-7532
ALT-PU-2025-8255
AZL-13151
BDU:2023-00386
CESA-2023_3827
CVE-2022-48281
DLA-3297-1
DSA-5333-1
MGASA-2023-0038
OESA-2023-1047
OPENSUSE-SU-2023_0342-1
OPENSUSE-SU-2024:12643-1
RHSA-2023:3711
RHSA-2023:3827
RHSA-2023_3711
RHSA-2023_3827
RLSA-2023:3711
RLSA-2023:3827
ROSA-SA-2025-2627
SUSE-SU-2023:0199-1
SUSE-SU-2023:0342-1
SUSE-SU-2023_0199-1
SUSE-SU-2023_0342-1
USN-5841-1
USN-6290-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Libtiff
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu