CVE-2023-0799

Опубликовано: 12 фев. 2023

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libtiff	Out of support scope
Red Hat Enterprise Linux 7	compat-libtiff3	Out of support scope
Red Hat Enterprise Linux 7	libtiff	Out of support scope
Red Hat Enterprise Linux 8	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 8	libtiff	Will not fix
Red Hat Enterprise Linux 9	libtiff	Fixed	RHSA-2023:3711	21.06.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2170162libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c

EPSS

Процентиль: 3%

0.00014

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-0799

CVSS3: 6.8

ubuntu

около 3 лет назад

CVE-2023-0799

CVSS3: 6.8

nvd

около 3 лет назад

CVE-2023-0799

CVSS3: 5.5

msrc

около 3 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e.

CVE-2023-0799

CVSS3: 6.8

debian

около 3 лет назад

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...

GHSA-9xvv-g7xh-f2qr

CVSS3: 5.5

github

около 3 лет назад

EPSS

Процентиль: 3%

0.00014

Низкий

5.5 Medium

CVSS3