CVE-2022-2520

Name
CVE-2022-2520
Description
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://gitlab.com/libtiff/libtiff/-/issues/424
MISC https://gitlab.com/libtiff/libtiff/-/merge_requests/378
Third Party Advisory https://www.debian.org/security/2023/dsa-5333

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libtiff:libtiff:4.4.0:rc1:*:*:*:*:*:* libtiff == None == 4.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status