CVE-2022-2520

Published: Aug 31, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.

Affected (2)

Products: Libtiff: Libtiff · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.4.0 rc1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

CWE-131

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (6)

https://gitlab.com/libtiff/libtiff/-/issues/424

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://gitlab.com/libtiff/libtiff/-/merge_requests/378

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://www.debian.org/security/2023/dsa-5333

Source: secalert@redhat.com

Third Party Advisory

https://gitlab.com/libtiff/libtiff/-/issues/424

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://gitlab.com/libtiff/libtiff/-/merge_requests/378

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://www.debian.org/security/2023/dsa-5333

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.