CVE-2022-48281

Name

CVE-2022-48281

Description

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://gitlab.com/libtiff/libtiff/-/issues/488
MISC	https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5
DEBIAN	https://www.debian.org/security/2023/dsa-5333
Mailing List	https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html
CONFIRM	https://security.netapp.com/advisory/ntap-20230302-0004/
GENTOO	https://security.gentoo.org/glsa/202305-31

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libtiff:libtiff::::::::`	libtiff	>= None	<= 4.5.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status