Skip to main content

Release of Invalid Pointer or Reference

CVE-2022-2521

Severity Medium
Score 6.5/10

Summary

It was found in libtiff that there is an invalid pointer free operation in "TIFFClose()" at "tif_close.c:131" called by "tiffcrop.c:2522" that can cause a program crash and denial of service while processing crafted input. This issue affects versions prior to 4.5.0rc1.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-763 - Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

Advisory Timeline

  • Published