{"id":"CVE-2022-0891","details":"A heap buffer overflow in the extractImageSection function in tiffcrop.c in the libtiff library, version 4.3.0, allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact.","modified":"2026-04-16T04:35:46.608419149Z","published":"2022-03-09T00:00:00Z","related":["ALSA-2022:7585","ALSA-2022:8194","SUSE-SU-2022:1667-1","SUSE-SU-2022:1882-1","openSUSE-SU-2024:12057-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0891.json","cna_assigner":"GitLab"},"references":[{"type":"WEB","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0891.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-10"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221228-0008/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5108"},{"type":"REPORT","url":"https://gitlab.com/libtiff/libtiff/-/issues/380"},{"type":"REPORT","url":"https://gitlab.com/libtiff/libtiff/-/issues/382"},{"type":"FIX","url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vadz/libtiff","events":[{"introduced":"0"},{"last_affected":"70abe85f53fd6f3127bd18e2118b36216a0e7094"}],"datab
ase_specific":{"versions":[{"introduced":"0"},{"last_affected":"36"}]}}],"versions":["Pre360","Release-","Release-v3-5-","Release-v3-5-4","Release-v3-5-5","Release-v3-5-7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff","events":[{"introduced":"616624213caa4017313ca0aac850c1101759d4ff"},{"fixed":"232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json","vanir_signatures_modified":"2026-04-12T09:22:10Z","vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"235928622411016398176817725906599250648","length":1297},"deprecated":false,"signature_version":"v1","id":"CVE-2022-0891-2673b01d","source":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","target":{"function":"writeImageSections","file":"tools/tiffcrop.c"}},{"source":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2022-0891-7f4182cd","digest":{"length":5496,"function_hash":"58429106897006448512210926992145966514"},"target":{"function":"extractImageSection","file":"tools/tiffcrop.c"}},{"source":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff@232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2022-0891-bc3aaf2c","digest":{"threshold":0.9,"line_hashes":["84143576990680265652521229894417814333","271593314867257796737109888228331430504","198562696645059733946134486032749154898","208591347719593239758415857030837595427","191367084343252554457486973349184692540","16828180405297449826159600382786472958","194599737744737037385450639568704953646","2646120
11217942229048089835657051903509","150675504432903172666537405257917815401","304138807671563484898417420593142900883","335662010454009818962963332277196154082","31268966561907612255282568706795749849","35105307779271944392485153667554553162","274140588409951905799689678189247745175","214024111320564791417452542546834541690","153009763350915999966856162168433728966","77041414950856372973072368995500076818","320877450205967015515037865212940050044","119185770621077228290922240666201267316","9149817626677961363198625149656728124","2428745461092070702094333212464911210","98592336796959696276292437946556330784","37465507881009575582229063171034153786","46587671839823969675013782030618233202","293620572689309912463628748992499555346","245698697758840926606246234586853797125","79907105164856904623720052261541684803","66339006927447622895109081425573406860","114696649834534166913959480128824912407","284654706040660483656208980812999785991","142544233627706952908395319893049764263","141468354904466073747868888733625719744","323865197859576815877411713518640021838","189684828738491289006923078540799330759","221564666239425267669316171913343379747","292328824430877034598857989084179473658","134380704337996185432951545246190115975","47158364410779021930038797454515781721","213102790006610306946753817536694186920","5631550767075498064182655598987284662","193865105891837283404195337445150924622","275726370165033947844680398648616740743","63823113771189390482877108179385386524","230249317918407700477813298318309640358","336695294563605963194353935091316732254","109679558685195376860765269460736344358","306390003074578603338847949911858378891","305325966109492949911160803603140415935","253663176297535569800750340856499897090","227278074988170531190328047837013814090","68302118556436757852471972201060660424","86818942786927950941808570746480398321","161722490313900249758351640754677175806","310862854249856253642896107322271821386","313576979269287144561034707560210064936","143788873
163343333700185680779938968630","257288035666544161228090052444138782157","283788636277929606283009891229335272918","74180284930956924355031831568273267605","80870611725807472636832812662272965617","45905438846323005889026121893345677605","147587334349935398261207353508096527530","273867369813873818680981061881868588046","265295273363139604513058588831237478418","194170130282654117627820848447596610480","112664288531001491131147461756842306734","98374487093752321982327952270644474097","339817622072625323690626744437098314874","167992852315998774338208831575384804999","218230674027542072982385499728746592","68685241395746603181941072603609352988","320149564392133308753462539267572866070","280923340590973357897865661240907694942","268345434027079486801272317956788518348","276052753717316242854796578790759697039","175099397236990912250296357250196663863","121824365970734844789458709572806771370","71970785538334620102186995857700722372","244233962499170591197670405871216106264","57058718804685951954572316499848381722","37340231525244318362056106010218185013","24418996384662837104086983445476954891","266173425088165863747651041367528237811","28875561050832416497799879814227158115","118358045731567106309056493852572863184","335736288596714220952853544632207896272","274374600237765519484965609248517195846","33708949504400971718777842322968064557","81599705048375893702607807152553230222","105197712154746136622296181910673205639","333634536157708563191968973531531020265","72452862183773982513014925132408799088","9571050987299223571278633433397082544","156814132665187554481928313351253374109","272400522037123468820275872195039096281","248206274018650904892439804048903780184","310239703515355153001572922968694348526","48531558351695545282356027572386172621","162482213704897202569709693520634634070","28687664644653914542392384677361663415","289353984629396589905009324529234748032","87306611327585368338774123274018384107","245743879649941226293615643987187236748","18174916304570
1010858524654478858164873","151233014828387370008056587147949264078","163549676097354967574820008943589911050"]},"target":{"file":"tools/tiffcrop.c"}}]}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libtiff/libtiff","events":[{"introduced":"616624213caa4017313ca0aac850c1101759d4ff"},{"last_affected":"d21dcc67d0d3f4686ee989a085ad2bea9c58259d"}],"database_specific":{"versions":[{"introduced":"3.9.0"},{"last_affected":"4.3.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0891.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}]}