7.5

CVE-2023-52356

Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version-
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.19% 0.801
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2024/Jul/18
https://support.apple.com/kb/HT214119
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://support.apple.com/kb/HT214116
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214120
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214123
https://support.apple.com/kb/HT214124
https://access.redhat.com/errata/RHSA-2024:5079
https://access.redhat.com/security/cve/CVE-2023-52356
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251344
Third Party Advisory
Issue Tracking
https://gitlab.com/libtiff/libtiff/-/issues/622
Patch
Issue Tracking
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
Patch
Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
https://access.redhat.com/errata/RHSA-2025:20801
https://access.redhat.com/errata/RHSA-2025:21994
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:5958
https://access.redhat.com/errata/RHSA-2026:7081
https://access.redhat.com/errata/RHSA-2026:7304
https://access.redhat.com/errata/RHSA-2026:7335
https://access.redhat.com/errata/RHSA-2026:8747
https://access.redhat.com/errata/RHSA-2026:8746
https://access.redhat.com/errata/RHSA-2026:8748
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:25096