CVE-2022-2521

Name

CVE-2022-2521

Description

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.com/libtiff/libtiff/-/issues/422
MISC	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
Third Party Advisory	https://www.debian.org/security/2023/dsa-5333

References

Match rules

Vulnerable and fixed packages