CVE-2022-48281
Summary
| CVE | CVE-2022-48281 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-23 03:15:00 UTC |
| Updated | 2023-05-30 06:16:00 UTC |
| Description | processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| heap-buffer-overflow /home/a13579/fuzz_lib_tiff/report/libtiff_asan/libtiff/tif_unix.c:362 in _TIFFmemset in branch 38a58201 (#488) · Issues · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| LibTIFF: Multiple Vulnerabilities (GLSA 202305-31) — Gentoo security | GENTOO | security.gentoo.org | |
| Debian -- Security Information -- DSA-5333-1 tiff | DEBIAN | www.debian.org | |
| [SECURITY] [DLA 3297-1] tiff security update | MLIST | lists.debian.org | |
| CVE-2022-48281 LibTIFF Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| Merge branch 'tiffcrop_fix_#488' into 'master' (d1b6b9c1) · Commits · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160748 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-3711)
- 160757 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-3827)
- 181520 Debian Security Update for tiff (DSA 5333-1)
- 181525 Debian Security Update for tiff (DLA 3297-1)
- 184646 Debian Security Update for tiff (CVE-2022-48281)
- 199525 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-5841-1)
- 199657 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6290-1)
- 241737 Red Hat Update for libtiff (RHSA-2023:3711)
- 241755 Red Hat Update for libtiff (RHSA-2023:3827)
- 356375 Amazon Linux Security Advisory for libtiff : ALAS2023-2023-364
- 502795 Alpine Linux Security Update for tiff
- 503133 Alpine Linux Security Update for tiff
- 505946 Alpine Linux Security Update for tiff
- 672712 EulerOS Security Update for libtiff (EulerOS-SA-2023-1474)
- 672713 EulerOS Security Update for libtiff (EulerOS-SA-2023-1449)
- 672807 EulerOS Security Update for libtiff (EulerOS-SA-2023-1555)
- 672834 EulerOS Security Update for libtiff (EulerOS-SA-2023-1530)
- 672867 EulerOS Security Update for libtiff (EulerOS-SA-2023-1599)
- 672884 EulerOS Security Update for libtiff (EulerOS-SA-2023-1761)
- 672926 EulerOS Security Update for libtiff (EulerOS-SA-2023-1783)
- 673076 EulerOS Security Update for libtiff (EulerOS-SA-2023-2157)
- 710734 Gentoo Linux LibTIFF Multiple Vulnerabilities (GLSA 202305-31)
- 753590 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:0199-1)
- 753671 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:0342-1)
- 905345 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13143)
- 905353 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13151)
- 905472 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13143-1)
- 905606 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13151-1)
- 906672 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13151-3)
- 941151 AlmaLinux Security Update for libtiff (ALSA-2023:3711)
- 941156 AlmaLinux Security Update for libtiff (ALSA-2023:3827)