Release of Invalid Pointer or Reference
CVE-2022-2521
Summary
It was found in libtiff that there is an invalid pointer free operation in "TIFFClose()" at "tif_close.c:131" called by "tiffcrop.c:2522" that can cause a program crash and denial of service while processing crafted input. This issue affects versions prior to 4.5.0rc1.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-763 - Release of Invalid Pointer or Reference
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
References
Advisory Timeline
- Published