CVE-2022-0891
libtiff: heap buffer overflow in extractImageSection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Un desbordamiento del búfer de la pila en la función ExtractImageSection en el archivo tiffcrop.c en libtiff library versión 4.3.0, permite a un atacante desencadenar un acceso no seguro o fuera de límites de la memoria por medio de un archivo de imagen TIFF diseñado, lo que podría resultar en un bloqueo de la aplicación, una posible divulgación de información o cualquier otro impacto dependiente del contexto
It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-09 CVE Reserved
- 2022-03-09 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-787: Out-of-bounds Write
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20221228-0008 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/issues/380 | 2024-08-02 | |
| https://gitlab.com/libtiff/libtiff/-/issues/382 | 2024-08-02 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | >= 3.9.0 <= 4.3.0 Search vendor "Libtiff" for product "Libtiff" and version " >= 3.9.0 <= 4.3.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||