CVE-2022-0891

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0891
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0891
Downstream
Related
Published
2022-03-10T17:44:58Z
Modified
2025-10-14T18:58:52.604713Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
Summary
[none]
Details

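A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in the libtiff library, version 4.3.0, allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact. Note that the signatures below locate the affected code in tools/tiffcrop.c (the tiffcrop command-line tool), so exposure depends on whether that tool is run on untrusted files. The affected range on this page starts at commit 0 and lists tags from v3.5.3 through v4.3.0, so the record covers more than the single version named here. The Fixed event is empty in this listing, so confirm the fixing commit against the upstream repository before relying on a version check.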

References

Affected packages

Git / gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events

Affected versions

Other

Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6
Release-v4-0-7
Release-v4-0-8
Release-v4-0-9

v3.*

v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7

v4.*

v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-0891-2673b01d",
            "signature_type": "Function",
            "target": {
                "file": "tools/tiffcrop.c",
                "function": "writeImageSections"
            },
            "deprecated": false,
            "digest": {
                "length": 1297.0,
                "function_hash": "235928622411016398176817725906599250648"
            },
            "signature_version": "v1",
            "source": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
        },
        {
            "id": "CVE-2022-0891-7f4182cd",
            "signature_type": "Function",
            "target": {
                "file": "tools/tiffcrop.c",
                "function": "extractImageSection"
            },
            "deprecated": false,
            "digest": {
                "length": 5496.0,
                "function_hash": "58429106897006448512210926992145966514"
            },
            "signature_version": "v1",
            "source": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
        },
        {
            "id": "CVE-2022-0891-bc3aaf2c",
            "signature_type": "Line",
            "target": {
                "file": "tools/tiffcrop.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "84143576990680265652521229894417814333",
                    "271593314867257796737109888228331430504",
                    "198562696645059733946134486032749154898",
                    "208591347719593239758415857030837595427",
                    "191367084343252554457486973349184692540",
                    "16828180405297449826159600382786472958",
                    "194599737744737037385450639568704953646",
                    "264612011217942229048089835657051903509",
                    "150675504432903172666537405257917815401",
                    "304138807671563484898417420593142900883",
                    "335662010454009818962963332277196154082",
                    "31268966561907612255282568706795749849",
                    "35105307779271944392485153667554553162",
                    "274140588409951905799689678189247745175",
                    "214024111320564791417452542546834541690",
                    "153009763350915999966856162168433728966",
                    "77041414950856372973072368995500076818",
                    "320877450205967015515037865212940050044",
                    "119185770621077228290922240666201267316",
                    "9149817626677961363198625149656728124",
                    "2428745461092070702094333212464911210",
                    "98592336796959696276292437946556330784",
                    "37465507881009575582229063171034153786",
                    "46587671839823969675013782030618233202",
                    "293620572689309912463628748992499555346",
                    "245698697758840926606246234586853797125",
                    "79907105164856904623720052261541684803",
                    "66339006927447622895109081425573406860",
                    "114696649834534166913959480128824912407",
                    "284654706040660483656208980812999785991",
                    "142544233627706952908395319893049764263",
                    "141468354904466073747868888733625719744",
                    "323865197859576815877411713518640021838",
                    "189684828738491289006923078540799330759",
                    "221564666239425267669316171913343379747",
                    "292328824430877034598857989084179473658",
                    "134380704337996185432951545246190115975",
                    "47158364410779021930038797454515781721",
                    "213102790006610306946753817536694186920",
                    "5631550767075498064182655598987284662",
                    "193865105891837283404195337445150924622",
                    "275726370165033947844680398648616740743",
                    "63823113771189390482877108179385386524",
                    "230249317918407700477813298318309640358",
                    "336695294563605963194353935091316732254",
                    "109679558685195376860765269460736344358",
                    "306390003074578603338847949911858378891",
                    "305325966109492949911160803603140415935",
                    "253663176297535569800750340856499897090",
                    "227278074988170531190328047837013814090",
                    "68302118556436757852471972201060660424",
                    "86818942786927950941808570746480398321",
                    "161722490313900249758351640754677175806",
                    "310862854249856253642896107322271821386",
                    "313576979269287144561034707560210064936",
                    "143788873163343333700185680779938968630",
                    "257288035666544161228090052444138782157",
                    "283788636277929606283009891229335272918",
                    "74180284930956924355031831568273267605",
                    "80870611725807472636832812662272965617",
                    "45905438846323005889026121893345677605",
                    "147587334349935398261207353508096527530",
                    "273867369813873818680981061881868588046",
                    "265295273363139604513058588831237478418",
                    "194170130282654117627820848447596610480",
                    "112664288531001491131147461756842306734",
                    "98374487093752321982327952270644474097",
                    "339817622072625323690626744437098314874",
                    "167992852315998774338208831575384804999",
                    "218230674027542072982385499728746592",
                    "68685241395746603181941072603609352988",
                    "320149564392133308753462539267572866070",
                    "280923340590973357897865661240907694942",
                    "268345434027079486801272317956788518348",
                    "276052753717316242854796578790759697039",
                    "175099397236990912250296357250196663863",
                    "121824365970734844789458709572806771370",
                    "71970785538334620102186995857700722372",
                    "244233962499170591197670405871216106264",
                    "57058718804685951954572316499848381722",
                    "37340231525244318362056106010218185013",
                    "24418996384662837104086983445476954891",
                    "266173425088165863747651041367528237811",
                    "28875561050832416497799879814227158115",
                    "118358045731567106309056493852572863184",
                    "335736288596714220952853544632207896272",
                    "274374600237765519484965609248517195846",
                    "33708949504400971718777842322968064557",
                    "81599705048375893702607807152553230222",
                    "105197712154746136622296181910673205639",
                    "333634536157708563191968973531531020265",
                    "72452862183773982513014925132408799088",
                    "9571050987299223571278633433397082544",
                    "156814132665187554481928313351253374109",
                    "272400522037123468820275872195039096281",
                    "248206274018650904892439804048903780184",
                    "310239703515355153001572922968694348526",
                    "48531558351695545282356027572386172621",
                    "162482213704897202569709693520634634070",
                    "28687664644653914542392384677361663415",
                    "289353984629396589905009324529234748032",
                    "87306611327585368338774123274018384107",
                    "245743879649941226293615643987187236748",
                    "181749163045701010858524654478858164873",
                    "151233014828387370008056587147949264078",
                    "163549676097354967574820008943589911050"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
        }
    ]
}