CVE-2022-2521 - It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at t

CVE-2022-2521

Summary

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

References

https://gitlab.com/libtiff/libtiff/-/issues/422
https://gitlab.com/libtiff/libtiff/-/merge_requests/378
https://www.debian.org/security/2023/dsa-5333

Vulnerable Configurations

cpe:2.3:a:libtiff:libtiff:4.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.4.0:rc1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-763

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

23-02-2023 - 15:59

Published

31-08-2022 - 16:15

Last modified

23-02-2023 - 15:59