CVE-2023-1916

Published: Apr 10, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Exploitability: 1.8 / Impact: 4.2

Source: NVD

Description

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Affected (1)

Products: Libtiff: Libtiff

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	From 4.0 to 4.5.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (7)

https://gitlab.com/libtiff/libtiff/-/issues/536%2C

Source: secalert@redhat.com

https://gitlab.com/libtiff/libtiff/-/issues/537

Source: secalert@redhat.com

ExploitIssue Tracking

https://support.apple.com/kb/HT213844

Source: secalert@redhat.com

https://gitlab.com/libtiff/libtiff/-/issues/536

Source: nvd@nist.gov

ExploitIssue Tracking

https://gitlab.com/libtiff/libtiff/-/issues/536%2C

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.com/libtiff/libtiff/-/issues/537

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://support.apple.com/kb/HT213844

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.