CVE-2022-0891: Out-of-bounds Write

March 10, 2022 (updated November 7, 2023)

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

References

gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
gitlab.com/libtiff/libtiff/-/issues/380
gitlab.com/libtiff/libtiff/-/issues/382
nvd.nist.gov/vuln/detail/CVE-2022-0891

Detect and mitigate CVE-2022-0891 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →