vulnerability

Red Hat: CVE-2022-2868: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (Multiple Advisories)

Name: Red Hat: CVE-2022-2868: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (Multiple Advisories)
Creator: Red Hat
Published: 2022-08-17T00:00:00.000Z
Keywords: CVE, CWE-1284, CWE-20, Red Hat, 2022, 2868, Invalid crop_width and/or crop_length could cause an out, redhat-upgrade-libtiff, redhat-upgrade-libtiff-debuginfo, redhat-upgrade-libtiff-debugsource, redhat-upgrade-libtiff-devel, redhat-upgrade-libtiff-tools, redhat-upgrade-libtiff-tools-debuginfo, Severity 5

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:N/A:C)

Published

Aug 17, 2022

Added

Jan 13, 2023

Modified

Jun 12, 2026

Description

An improper input validation flaw was found in libtiff's tiffcrop utility. This issue can lead to an out-of-bounds read and cause a crash if an attacker can supply a crafted file to tiffcrop.

Solutions

redhat-upgrade-libtiffredhat-upgrade-libtiff-debuginforedhat-upgrade-libtiff-debugsourceredhat-upgrade-libtiff-develredhat-upgrade-libtiff-toolsredhat-upgrade-libtiff-tools-debuginfo

References

CWE-1284
CWE-20
EUVD-EUVD-2022-35102
NVD-CVE-2022-2868
REDHAT-RHSA-2023:0095
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-35102

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report