Vulnerability in Libtiff

CVE-2022-2521

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

EPSS: 0.001 (31.2th percentile) — read the EPSS interpretation.

Affected products

N/a Libtiff — versions libtiff 4.4.0rc1

Weakness classification (CWE)

CWE-763 — Release of Invalid Pointer or Reference

References

gitlab.com/libtiff/libtiff/-/issues/422
gitlab.com/libtiff/libtiff/-/merge_requests/378
DSA-5333 (vendor-advisory)