CVE-2022-0891
published 2022-03-10


Priority: P4
CVSS 3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
EPSS: 1.54% (71.8th percentile)
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in the libtiff library, version 4.3.0, allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact.

Affected

9 ranges

Vendor          Product                                   Version range               Fixed in
debian          debian_linux
debian          debian_linux
debian          tiff                                      < tiff 4.3.0-6 (bookworm)   tiff 4.3.0-6 (bookworm)
fedoraproject   fedora
fedoraproject   fedora
libtiff         libtiff
libtiff         libtiff                                   3.9.0 – 4.3.0
msrc            cbl2_libtiff_4.3.0-2_on_cbl_mariner_2.0
msrc            cm1_libtiff_4.1.0-3_on_cbl_mariner_1.0

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      7.1     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
nvd             v2.0      5.8     MEDIUM     AV:N/AC:M/Au:N/C:P/I:N/A:P
osv                       7.1     HIGH
vendor_msrc               7.1     HIGH
vendor_debian             6.1     MEDIUM
vendor_redhat             6.1     MEDIUM
vendor_ubuntu             5.5     MEDIUM