CVE-2022-2521: Release of Invalid Pointer or Reference

August 31, 2022 (updated February 23, 2023)

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

References

gitlab.com/libtiff/libtiff/-/issues/422
gitlab.com/libtiff/libtiff/-/merge_requests/378
nvd.nist.gov/vuln/detail/CVE-2022-2521

Detect and mitigate CVE-2022-2521 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →