Lucene search

PRIOn knowledge basePRION:CVE-2022-0891

HistoryMar 10, 2022 - 5:44 p.m.

Heap overflow

2022-03-1017:44:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

JSON

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
fedoraeq35
fedoraeq36
libtiffge3.9.0
libtiffle4.3.0

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
fedora	eq	35
fedora	eq	36
libtiff	ge	3.9.0
libtiff	le	4.3.0

References

gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json

gitlab.com/libtiff/libtiff/-/issues/380

gitlab.com/libtiff/libtiff/-/issues/382

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/

security.gentoo.org/glsa/202210-10

security.netapp.com/advisory/ntap-20221228-0008/

www.debian.org/security/2022/dsa-5108