CVE-2023-0795

Опубликовано: 12 фев. 2023

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libtiff	Out of support scope
Red Hat Enterprise Linux 7	compat-libtiff3	Out of support scope
Red Hat Enterprise Linux 7	libtiff	Out of support scope
Red Hat Enterprise Linux 8	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 8	libtiff	Will not fix
Red Hat Enterprise Linux 9	libtiff	Fixed	RHSA-2023:3711	21.06.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2170119libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c

EPSS

Процентиль: 2%

0.00013

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2023-0795

CVSS3: 6.8

ubuntu

около 3 лет назад

CVE-2023-0795

CVSS3: 6.8

nvd

около 3 лет назад

CVE-2023-0795

CVSS3: 5.5

msrc

около 3 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e.

CVE-2023-0795

CVSS3: 6.8

debian

около 3 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...

GHSA-cjrm-898p-cxjr

CVSS3: 5.5

github

около 3 лет назад

EPSS

Процентиль: 2%

0.00013

Низкий

6.1 Medium

CVSS3