CVE-2022-2867
published 2022-08-17
Priority P4 · 21 · medium · 5.5 CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS
0.30%
21.8th percentile
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.4.0~rc1-1 (bookworm) | tiff 4.4.0~rc1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libtiff | libtiff | < 4.4.0 | 4.4.0 |
| libtiff | libtiff | — | — |
| msrc | cbl2_libtiff_4.5.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_libtiff_4.5.0-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv · 6.5 MEDIUM
vendor_ubuntu · 6.5 MEDIUM
vendor_debian · 5.5 MEDIUM
vendor_msrc · 5.5 MEDIUM
vendor_redhat · 5.5 MEDIUM
VulDB
LibTIFF tiffcrop out-of-bounds write (EUVD-2022-35101 / Nessus ID 274520)
vuldb·2026-05-28·CVSS 5.5
CVE-2022-2867 [MEDIUM] LibTIFF tiffcrop out-of-bounds write (EUVD-2022-35101 / Nessus ID 274520)
A vulnerability classified as critical was found in LibTIFF. This affects an unknown function of the component tiffcrop. Such manipulation leads to out-of-bounds write.
This vulnerability is traded as CVE-2022-2867. The attack may be launched remotely. There is no exploit available.
OSV
tiff vulnerabilities
osv·2022-11-08·CVSS 6.5
CVE-2022-2519 [MEDIUM] tiff vulnerabilities
tiff vulnerabilities
It was discovered that LibTIFF incorrectly handled certain memory operations
when using tiffcrop. An attacker could trick a user into processing a specially
crafted tiff image file and potentially use this issue to cause a denial of
service. This issue only affected Ubuntu 22.10. (CVE-2022-2519, CVE-2022-2520,
CVE-2022-2521, CVE-2022-2953)
It was discovered that LibTIFF did not properly perform bounds checking in
certain operations when using tiffcrop. An attacker could trick a user into
processing a specially crafted tiff image file and potentially use this issue
to allow for information disclosure or to cause the application to crash. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-2867, CVE-2022-2868, CVE-2022-2869)
GHSA
Stored XSS vulnerability in Jenkins DotCi Plugin
ghsa·2022-09-22
CVE-2022-41239 [HIGH] CWE-79 Stored XSS vulnerability in Jenkins DotCi Plugin
Stored XSS vulnerability in Jenkins DotCi Plugin
DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to the `/githook/` endpoint (see also [SECURITY-2867](https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2867)).
This vulnerability is only exploitable in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#SECURITY-2452).
OSV
tiff vulnerabilities
osv·2022-09-08·CVSS 5.5
CVE-2022-2867 [MEDIUM] tiff vulnerabilities
tiff vulnerabilities
It was discovered that LibTIFF incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-2867, CVE-2022-2869)
It was discovered that LibTIFF incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-2868)
GHSA
GHSA-ww36-qxj8-93p2: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write
ghsa_unreviewed·2022-08-18
CVE-2022-2867 [HIGH] CWE-125 GHSA-ww36-qxj8-93p2: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
OSV
CVE-2022-2867: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write
osv·2022-08-17·CVSS 5.5
CVE-2022-2867 [MEDIUM] CVE-2022-2867: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-11-08·CVSS 6.5
CVE-2022-2869 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF incorrectly handled certain memory operations
when using tiffcrop. An attacker could trick a user into processing a specially
crafted tiff image file and potentially use this issue to cause a denial of
service. This issue only affected Ubuntu 22.10. (CVE-2022-2519, CVE-2022-2520,
CVE-2022-2521, CVE-2022-2953)
It was discovered that LibTIFF did not properly perform bounds checking in
certain operations when using tiffcrop. An attacker could trick a user into
processing a specially crafted tiff image file and potentially use this issue
to allow for information disclosure or to cause the application to crash. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS an
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2022-09-08·CVSS 5.5
CVE-2022-2869 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-2867, CVE-2022-2869)
It was discovered that LibTIFF incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-2868)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it
vendor_msrc·2022-08-09·CVSS 5.5
CVE-2022-2867 [MEDIUM] CWE-191 libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases further exploitation.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for
Debian
CVE-2022-2867: tiff - libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of boun...
vendor_debian·2022·CVSS 5.5
CVE-2022-2867 [MEDIUM] CVE-2022-2867: tiff - libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of boun...
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Scope: local
bookworm: resolved (fixed in 4.4.0~rc1-1)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed in 4.4.0~rc1-1)
sid: resolved (fixed in 4.4.0~rc1-1)
trixie: resolved (fixed in 4.4.0~rc1-1)
Red Hat
libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c
vendor_redhat·2021-12-21·CVSS 5.5
CVE-2022-2867 [MEDIUM] CWE-191 libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c
libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
A flaw was found in libtiff's tiffcrop utility that has a uint32_t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) to cause a crash or, in some cases, further exploitation.
Statement: This flaw has been rated as a Moderate because it is present in the tiffcrop utility rather
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=2118847
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
https://www.debian.org/security/2023/dsa-5333