Heap Buffer Overflow in libtiff Library Affects Multiple Versions
CVE-2022-0891

7.1 HIGH

Key Information:

Vendor: libtiff
Status: Vendor
CVE Published: 10 March 2022

What is CVE-2022-0891?

A heap buffer overflow exists in the libtiff library, in the 'ExtractImageSection' function in 'tiffcrop.c'. An attacker who supplies a crafted, malformed TIFF image file can trigger an out-of-bounds memory access, which, depending on the context in which the vulnerable code runs, can lead to an application crash or potential information leakage.

Affected Version(s)

libtiff >=3.9.0, <=4.3.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
