CVE-2022-48281
libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, "WRITE of size 307203") via a crafted TIFF image.
It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-01-23 CVE Reserved
- 2023-01-23 CVE Published
- 2025-03-30 EPSS Updated
- 2025-04-03 CVE Updated
- 2025-04-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html | Mailing List |
|
https://security.netapp.com/advisory/ntap-20230302-0004 |
|
URL | Date | SRC |
---|---|---|
https://gitlab.com/libtiff/libtiff/-/issues/488 | 2025-04-03 |
URL | Date | SRC |
---|---|---|
https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5 | 2023-05-30 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202305-31 | 2023-05-30 | |
https://www.debian.org/security/2023/dsa-5333 | 2023-05-30 | |
https://access.redhat.com/security/cve/CVE-2022-48281 | 2023-06-27 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2163606 | 2023-06-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | <= 4.5.0 Search vendor "Libtiff" for product "Libtiff" and version " <= 4.5.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|