libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3278-1 tiff security update
Debian DSA Debian DSA DSA-5333-1 tiff security update
EUVD EUVD EUVD-2022-35101 libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Ubuntu USN Ubuntu USN USN-5604-1 LibTIFF vulnerabilities
Ubuntu USN Ubuntu USN USN-5714-1 LibTIFF vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-03T00:52:59.602Z

Reserved: 2022-08-16T00:00:00

Link: CVE-2022-2867

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-17T22:15:08.697

Modified: 2024-11-21T07:01:50.353

Link: CVE-2022-2867

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-12-21T00:00:00Z

Links: CVE-2022-2867 - Bugzilla

cve-icon OpenCVE Enrichment

No data.