Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-2731

Опубликовано: 17 мая 2023
Источник: debian
EPSS Низкий

Описание

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tifffixed4.5.0-6package
tiffnot-affectedbullseyepackage
tiffnot-affectedbusterpackage

Примечания

  • https://gitlab.com/libtiff/libtiff/-/issues/548

  • Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b (v4.5.1rc1)

  • Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1)

EPSS

Процентиль: 1%
0.0001
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-2731

CVSS3: 5.5
ubuntu
больше 2 лет назад

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

redhat логотип

CVE-2023-2731

CVSS3: 5.5
redhat
больше 2 лет назад

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

nvd логотип

CVE-2023-2731

CVSS3: 5.5
nvd
больше 2 лет назад

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

msrc логотип

CVE-2023-2731

CVSS3: 5.5
msrc
около 2 лет назад

Описание отсутствует

github логотип

GHSA-g995-h8wx-7qw6

CVSS3: 5.5
github
больше 2 лет назад

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

EPSS

Процентиль: 1%
0.0001
Низкий