libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

🗓️ 20 Aug 2022 07:00:00Reported by MicrosoftType

libtiff tiffcrop underflows a 32-bit int causing out-of-bounds access in extractContigSamples8bits.

Reporter	Title	Published	Views	Family All 182
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	24 Feb 202319:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation v2.4.4 fixes multiple security vulnerabilities	2 Mar 202309:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	30 Mar 202316:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	2 May 202320:42	–	ibm
ATTACKERKB	CVE-2022-2869	17 Aug 202222:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : libtiff, libtiff-devel, libtiff-static (ALAS2022-2022-094)	7 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : libtiff, libtiff-devel, libtiff-static (ALAS2022-2022-183)	5 Nov 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : libtiff, libtiff-devel, libtiff-static (ALAS2022-2022-194)	4 Nov 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-050)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libtiff (ALAS-2022-1872)	9 Nov 202200:00	–	nessus