Bug 835759 - media-libs/tiff: CVE-2022-0891 heap buffer overflow in ExtractImageSection
Summary: media-libs/tiff: CVE-2022-0891 heap buffer overflow in ExtractImageSection
Status: RESOLVED DUPLICATE of bug 830981
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-21 19:21 UTC by Allen Webb
Modified: 2022-03-21 19:25 UTC

See Also:
Package list:
Runtime testing required: ---


Description Allen Webb 2022-03-21 19:21:52 UTC
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in the libtiff library version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact.

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-03-21 19:25:57 UTC

*** This bug has been marked as a duplicate of bug 830981 ***