CVE-2022-48281: Out-of-bounds Write

January 23, 2023 (updated May 30, 2023)

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., “WRITE of size 307203”) via a crafted TIFF image.

References

gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5
gitlab.com/libtiff/libtiff/-/issues/488
lists.debian.org/debian-lts-announce/2023/01/msg00037.html
nvd.nist.gov/vuln/detail/CVE-2022-48281
www.debian.org/security/2023/dsa-5333

Code Behaviors & Features

Detect and mitigate CVE-2022-48281 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →