Rapid7

vulnerability

Amazon Linux AMI 2: CVE-2022-0891: Security patch for libtiff (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:P)
Published
Mar 10, 2022
Added
Oct 23, 2023
Modified
May 20, 2026

Description

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Solutions

amazon-linux-ami-2-upgrade-libtiffamazon-linux-ami-2-upgrade-libtiff-debuginfoamazon-linux-ami-2-upgrade-libtiff-develamazon-linux-ami-2-upgrade-libtiff-staticamazon-linux-ami-2-upgrade-libtiff-tools

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report