Your submission was sent successfully! Close

CVE-2022-0891

Published: 10 March 2022

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
bionic
Released (4.0.9-5ubuntu0.5)
focal
Released (4.1.0+git191117-2ubuntu0.20.04.3)
impish
Released (4.3.0-1ubuntu0.1)
jammy Not vulnerable
(4.3.0-6)
trusty
Released (4.0.3-7ubuntu0.11+esm1)
upstream
Released (4.4.0, 4.3.0-6)
xenial
Released (4.0.6-1ubuntu0.8+esm1)
Patches:
upstream: https://gitlab.com/libtiff/libtiff/-/commit/46dc8fcd4d38c3b6f35ab28e532aee80e6f609d6