CVE-2022-2868

MEDIUM

libtiff - Memory Corruption

Title source: llm

Description

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

References (3)

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

[Third Party Advisory] https://www.debian.org/security/2023/dsa-5333

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2118863

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 3.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-1284 CWE-20

Status published

Products (5)

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 35

fedoraproject/fedora 36

libtiff/libtiff < 4.4.0

Published Aug 17, 2022

Tracked Since Feb 18, 2026