{"api_version":"1","generated_at":"2026-04-23T06:08:30+00:00","cve":"CVE-2022-0891","urls":{"html":"https://cve.report/CVE-2022-0891","api":"https://cve.report/api/cve/CVE-2022-0891.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0891","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891"},"summary":{"title":"CVE-2022-0891","description":"A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact","state":"PUBLIC","assigner":"cve@gitlab.com","published_at":"2022-03-10 17:44:00","updated_at":"2023-11-07 03:41:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://gitlab.com/libtiff/libtiff/-/issues/380","name":"https://gitlab.com/libtiff/libtiff/-/issues/380","refsource":"MISC","tags":[],"title":"/tools/tiffcrop.c:6866  - Heap buffer overflow in extractImageSection (#380) · Issues · libtiff / libtiff · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","refsource":"CONFIRM","tags":[],"title":"2022/CVE-2022-0891.json · master · GitLab.org / cves · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","name":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","refsource":"MISC","tags":[],"title":"tiffcrop: fix issue #380 and #382 heap buffer overflow in extractImageSection (232282fd) · Commits · freedesktop-sdk / mirrors / gitlab / libtiff / libtiff · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/","name":"FEDORA-2022-e2996202a0","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: libtiff-4.3.0-6.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/libtiff/libtiff/-/issues/382","name":"https://gitlab.com/libtiff/libtiff/-/issues/382","refsource":"MISC","tags":[],"title":"/tools/tiffcrop.c:6866 - Heap use after free in extractImageSection (#382) · Issues · libtiff / libtiff · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20221228-0008/","name":"https://security.netapp.com/advisory/ntap-20221228-0008/","refsource":"CONFIRM","tags":[],"title":"April 2022 LibTIFF Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202210-10","name":"GLSA-202210-10","refsource":"GENTOO","tags":[],"title":"LibTIFF: Multiple Vulnerabilities (GLSA 202210-10) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/","name":"FEDORA-2022-c39720a0ed","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: libtiff-4.3.0-6.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/","name":"FEDORA-2022-e2996202a0","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: libtiff-4.3.0-6.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/","name":"FEDORA-2022-c39720a0ed","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: libtiff-4.3.0-6.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5108","name":"DSA-5108","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5108-1 tiff","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0891","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"shahchintanh@gmail.com","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"891","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"891","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"891","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"891","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"891","vulnerable":"1","versionEndIncluding":"4.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"891","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-0891","qid":"160245","title":"Oracle Enterprise Linux Security Update for libtiff (ELSA-2022-7585)"},{"cve":"CVE-2022-0891","qid":"160275","title":"Oracle Enterprise Linux Security Update for libtiff (ELSA-2022-8194)"},{"cve":"CVE-2022-0891","qid":"179158","title":"Debian Security Update for tiff (DSA 5108-1)"},{"cve":"CVE-2022-0891","qid":"181972","title":"Debian Security Update for tiff (CVE-2022-0891)"},{"cve":"CVE-2022-0891","qid":"198786","title":"Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-5421-1)"},{"cve":"CVE-2022-0891","qid":"240843","title":"Red Hat Update for libtiff (RHSA-2022:7585)"},{"cve":"CVE-2022-0891","qid":"240881","title":"Red Hat Update for libtiff (RHSA-2022:8194)"},{"cve":"CVE-2022-0891","qid":"282544","title":"Fedora Security Update for libtiff (FEDORA-2022-e2996202a0)"},{"cve":"CVE-2022-0891","qid":"354293","title":"Amazon Linux Security Advisory for libtiff : ALAS2022-2022-049"},{"cve":"CVE-2022-0891","qid":"354326","title":"Amazon Linux Security Advisory for libtiff : ALAS2022-2022-194"},{"cve":"CVE-2022-0891","qid":"354588","title":"Amazon Linux Security Advisory for libtiff : ALAS-2022-194"},{"cve":"CVE-2022-0891","qid":"355159","title":"Amazon Linux Security Advisory for libtiff : ALAS2023-2023-050"},{"cve":"CVE-2022-0891","qid":"356436","title":"Amazon Linux Security Advisory for libtiff : ALAS2-2023-2300"},{"cve":"CVE-2022-0891","qid":"501505","title":"Alpine Linux Security Update for tiff"},{"cve":"CVE-2022-0891","qid":"502035","title":"Alpine Linux Security Update for tiff"},{"cve":"CVE-2022-0891","qid":"502793","title":"Alpine Linux Security Update for tiff"},{"cve":"CVE-2022-0891","qid":"671568","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1573)"},{"cve":"CVE-2022-0891","qid":"671688","title":"EulerOS Security Update for compat-libtiff3 (EulerOS-SA-2022-1710)"},{"cve":"CVE-2022-0891","qid":"671700","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1739)"},{"cve":"CVE-2022-0891","qid":"671728","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1809)"},{"cve":"CVE-2022-0891","qid":"671761","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1792)"},{"cve":"CVE-2022-0891","qid":"671813","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1869)"},{"cve":"CVE-2022-0891","qid":"671814","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1845)"},{"cve":"CVE-2022-0891","qid":"671860","title":"EulerOS Security Update for libtiff (EulerOS-SA-2022-1900)"},{"cve":"CVE-2022-0891","qid":"710659","title":"Gentoo Linux LibTIFF Multiple Vulnerabilities (GLSA 202210-10)"},{"cve":"CVE-2022-0891","qid":"752138","title":"SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:1667-1)"},{"cve":"CVE-2022-0891","qid":"752188","title":"SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:1882-1)"},{"cve":"CVE-2022-0891","qid":"900746","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (8950)"},{"cve":"CVE-2022-0891","qid":"901097","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (8968-1)"},{"cve":"CVE-2022-0891","qid":"940761","title":"AlmaLinux Security Update for libtiff (ALSA-2022:7585)"},{"cve":"CVE-2022-0891","qid":"940811","title":"AlmaLinux Security Update for libtiff (ALSA-2022:8194)"},{"cve":"CVE-2022-0891","qid":"960178","title":"Rocky Linux Security Update for libtiff (RLSA-2022:7585)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-0891","ASSIGNER":"cve@gitlab.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"libtiff","product":{"product_data":[{"product_name":"libtiff","version":{"version_data":[{"version_value":">=3.9.0, <=4.3.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Heap-based buffer overflow in libtiff"}]}]},"references":{"reference_data":[{"name":"https://gitlab.com/libtiff/libtiff/-/issues/380","url":"https://gitlab.com/libtiff/libtiff/-/issues/380","refsource":"MISC"},{"name":"https://gitlab.com/libtiff/libtiff/-/issues/382","url":"https://gitlab.com/libtiff/libtiff/-/issues/382","refsource":"MISC"},{"name":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","refsource":"CONFIRM"},{"refsource":"DEBIAN","name":"DSA-5108","url":"https://www.debian.org/security/2022/dsa-5108"},{"refsource":"FEDORA","name":"FEDORA-2022-e2996202a0","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"},{"refsource":"FEDORA","name":"FEDORA-2022-c39720a0ed","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"},{"refsource":"GENTOO","name":"GLSA-202210-10","url":"https://security.gentoo.org/glsa/202210-10"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221228-0008/","url":"https://security.netapp.com/advisory/ntap-20221228-0008/"}]},"description":{"description_data":[{"lang":"eng","value":"A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact"}]},"impact":{"cvss":{"vectorString":"AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","version":"3.1","baseScore":6.1,"baseSeverity":"MEDIUM"}},"credit":[{"lang":"eng","value":"shahchintanh@gmail.com"}]},"nvd":{"publishedDate":"2022-03-10 17:44:00","lastModifiedDate":"2023-11-07 03:41:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndIncluding":"4.3.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}