CVE-2023-40745

Опубликовано: 05 окт. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Ссылки

https://access.redhat.com/errata/RHSA-2024:2289
https://access.redhat.com/security/cve/CVE-2023-40745
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2235265
Issue Tracking
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2289
https://access.redhat.com/security/cve/CVE-2023-40745
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2235265
Issue Tracking
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231110-0005/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Версия до 4.6.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00266

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-190

Связанные уязвимости

CVE-2023-40745

CVSS3: 6.5

ubuntu

около 2 лет назад

CVE-2023-40745

CVSS3: 6.5

redhat

больше 2 лет назад

CVE-2023-40745

CVSS3: 6.5

msrc

около 2 лет назад

Libtiff: integer overflow in tiffcp.c

CVE-2023-40745

CVSS3: 6.5

debian

около 2 лет назад

LibTIFF is vulnerable to an integer overflow. This flaw allows remote ...

GHSA-w737-xjxg-h9mw

CVSS3: 6.5

github

около 2 лет назад

EPSS

Процентиль: 50%

0.00266

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-190