Vulnerabilities > CVE-2022-0891 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
HIGH Summary
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
- https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
- https://gitlab.com/libtiff/libtiff/-/issues/380
- https://gitlab.com/libtiff/libtiff/-/issues/380
- https://gitlab.com/libtiff/libtiff/-/issues/382
- https://gitlab.com/libtiff/libtiff/-/issues/382
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/
- https://security.gentoo.org/glsa/202210-10
- https://security.gentoo.org/glsa/202210-10
- https://security.netapp.com/advisory/ntap-20221228-0008/
- https://security.netapp.com/advisory/ntap-20221228-0008/
- https://www.debian.org/security/2022/dsa-5108
- https://www.debian.org/security/2022/dsa-5108