CVE-2022-1056: tiffcrop: fix issue #380 and #382 heap buffer overflow in extractImageSection (!307)
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
Status: Merged. Su Laus requested to merge Su_Laus/libtiff:Fix_Issue#380 into master on Feb 25, 2022.
tiffcrop: fix issue #380 (closed) and #382 (closed) heap buffer overflow in extractImageSection.
Corrected wrong formula for image row size calculation.