CVE-2022-2520

MEDIUM

libtiff 4.4.0rc1 - Memory Corruption

Title source: llm

Description

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.

References (3)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://gitlab.com/libtiff/libtiff/-/issues/424

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://gitlab.com/libtiff/libtiff/-/merge_requests/378

[Third Party Advisory] https://www.debian.org/security/2023/dsa-5333

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 17.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-131 CWE-617

Status published

Affected Products (2)

libtiff/libtiff

debian/debian_linux

Timeline

Published Aug 31, 2022

Tracked Since Feb 18, 2026