CVE-2022-0891

Source
https://cve.org/CVERecord?id=CVE-2022-0891
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0891
Downstream
Related
Published
2022-03-09T00:00:00Z
Modified
2026-03-10T23:54:12.710375Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Summary
[none]
Details

A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact.

Database specific
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0891.json"
}
References

Affected packages

Git
github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "36"
        }
    ]
}

Affected versions

Other
Pre360
Release-
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json"
gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff
Events

Database specific

vanir_signatures
[
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2022-0891-2673b01d",
        "target": {
            "file": "tools/tiffcrop.c",
            "function": "writeImageSections"
        },
        "digest": {
            "length": 1297.0,
            "function_hash": "235928622411016398176817725906599250648"
        },
        "signature_version": "v1",
        "source": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2022-0891-7f4182cd",
        "target": {
            "file": "tools/tiffcrop.c",
            "function": "extractImageSection"
        },
        "digest": {
            "length": 5496.0,
            "function_hash": "58429106897006448512210926992145966514"
        },
        "signature_version": "v1",
        "source": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2022-0891-bc3aaf2c",
        "target": {
            "file": "tools/tiffcrop.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "signature_version": "v1",
        "source": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json"
gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "4.3.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json"