A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
https://gitlab.com/libtiff/libtiff/-/issues/382
https://gitlab.com/libtiff/libtiff/-/issues/380
https://www.debian.org/security/2022/dsa-5108
Source: MITRE
Published: 2022-03-10
Updated: 2023-02-02
Type: CWE-787
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 7.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Impact Score: 4.2
Exploitability Score: 2.8
Severity: HIGH