CVE-2022-2868: Improper Input Validation

August 17, 2022 (updated November 7, 2023)

libtiff’s tiffcrop utility has a improper input validation flaw that can lead to out-of-bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

References

bugzilla.redhat.com/show_bug.cgi?id=2118863
nvd.nist.gov/vuln/detail/CVE-2022-2868

Detect and mitigate CVE-2022-2868 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →