6.5

CVE-2022-2519

Exploit

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

Data is provided by the National Vulnerability Database (NVD)
LibtiffLibtiff Version4.4.0 Updaterc1
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.379
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://gitlab.com/libtiff/libtiff/-/issues/423
Patch
Third Party Advisory
Exploit
Issue Tracking
https://gitlab.com/libtiff/libtiff/-/merge_requests/378
Patch
Third Party Advisory
Exploit
Issue Tracking