First published: Tue Aug 16 2022(Updated: )
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libtiff Libtiff | <4.4.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
redhat/libtiff | <4.4.0 | 4.4.0 |
debian/tiff | <=4.1.0+git191117-2~deb10u4 | 4.1.0+git191117-2~deb10u8 4.2.0-1+deb11u4 4.2.0-1+deb11u5 4.5.0-6+deb12u1 4.5.1+git230720-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2868 is a vulnerability in libtiff's tiffcrop utility that allows for out of bounds read and can cause a crash if a crafted file is supplied to tiffcrop.
The severity of CVE-2022-2868 is medium with a CVSS score of 5.5.
CVE-2022-2868 affects libtiff versions up to and exclusive of 4.4.0.
To fix CVE-2022-2868 on Red Hat, update to libtiff version 4.4.0 or later.
To fix CVE-2022-2868 on Debian Linux, update to tiff version 4.1.0+git191117-2~deb10u8 or later.