7.1
CVSSv3

CVE-2022-0891

Published: 10/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows malicious user to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 35

fedoraproject fedora 36

netapp active iq unified manager -

Vendor Advisories

Several security issues were fixed in LibTIFF ...
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service if malformed image files are processed For the oldstable distribution (buster), these problems have been fixed in version 410+git191117-2~deb10u4 For the stable distribution (bullseye), these problems have been fixe ...
There exists one heap buffer overflow in _TIFFmemcpy in tif_unixc in libtiff 4010, which allows an attacker to cause a denial-of-service through a crafted tiff file (CVE-2020-18768) A heap buffer overflow in ExtractImageSection function in tiffcropc in libtiff library Version 430 allows attacker to trigger unsafe or out of bounds memory acce ...
Synopsis Moderate: Logging Subsystem 555 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 555 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis Important: Migration Toolkit for Runtimes security update Type/Severity Security Advisory: Important Topic An update is now available for Migration Toolkit for Runtimes (v101)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgives a ...
Synopsis Important: Red Hat Advanced Cluster Management 263 security update Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 263 GeneralAvailability release images, which provide security updates, fix bugs, and update container imagesRed Hat Product Security has rated this update as havi ...
Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a se ...
Synopsis Moderate: Openshift Logging 5314 bug fix release and security update Type/Severity Security Advisory: Moderate Topic Openshift Logging Bug Fix Release (5314)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Synopsis Moderate: Migration Toolkit for Containers (MTC) 176 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 176 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
A heap buffer overflow in ExtractImageSection function in tiffcropc in libtiff library Version 430 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact ...
Severity Unknown Remote Unknown Type Unknown Description AVG-2659 lib32-libtiff 430-1 430-2 Unknown Unknown AVG-2658 libtiff 430-1 430-2 Unknown Unknown ...
A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy() function within the TIFFFetchStripThing() in tif_dirreadc This flaw allows an attacker with a crafted TIFF file to exploit this flaw, causing a crash and leading to a denial of service (CVE-2022-0561) A flaw was found in libtiff where a NULL source poin ...