Wiz
Vulnerability DatabaseCVE-2022-2867

CVE-2022-2867
NixOS vulnerability analysis and mitigation

Overview

CVE-2022-2867 is a vulnerability discovered in libtiff's tiffcrop utility, reported on August 16, 2022. The vulnerability involves a uint32_t underflow that can lead to out-of-bounds read and write operations. The issue affects the Tag Image File Format (TIFF) library and its associated tools (NVD, CVE Mitre).

Technical details

The vulnerability specifically occurs in the extractContigSamples8bits and extractContigSamplesShifted32bits functions of tiffcrop.c. The uint32t underflow can result in unsafe or out-of-bounds memory access when processing specially crafted TIFF files ([Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=2118847)).

Impact

When exploited, this vulnerability can cause application crashes leading to denial of service (DoS). In some cases, it could potentially lead to further exploitation, including possible local code execution when processing maliciously crafted TIFF files (Debian Security).

Mitigation and workarounds

Multiple vendors have released patches to address this vulnerability. Debian fixed the issue in version 4.1.0+git191117-2~deb10u5 for Debian 10 and version 4.2.0-1+deb11u3 for Debian 11. Red Hat addressed the vulnerability in RHSA-2023:0095. The upstream fix was included in libtiff version 4.4.0rc1 (Debian LTS, Red Hat Portal).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-20777MEDIUM6.7
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025
CVE-2025-20789MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-20788MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo