CVE-2022-0891

Published: Mar 10, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Affected (6)

Products: Libtiff: Libtiff · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Libtiff: Libtiff · Debian: Debian Linux · Fedoraproject: Fedora · Netapp: Active Iq Unified Manager

1 product

1 product

1 product

1 product

Active Iq Unified Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	From 3.9.0 to 4.3.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (18)

https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

Source: cve@gitlab.com

PatchThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json

Source: cve@gitlab.com

Third Party AdvisoryVDB Entry

https://gitlab.com/libtiff/libtiff/-/issues/380

Source: cve@gitlab.com

ExploitIssue TrackingPatchThird Party Advisory

https://gitlab.com/libtiff/libtiff/-/issues/382

Source: cve@gitlab.com

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/

Source: cve@gitlab.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/

Source: cve@gitlab.com

https://security.gentoo.org/glsa/202210-10

Source: cve@gitlab.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221228-0008/

Source: cve@gitlab.com

Third Party Advisory

https://www.debian.org/security/2022/dsa-5108

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://gitlab.com/libtiff/libtiff/-/issues/380

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://gitlab.com/libtiff/libtiff/-/issues/382

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202210-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221228-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2022/dsa-5108

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.