Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-3618

Опубликовано: 13 фев. 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

Отчет

Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libtiffOut of support scope
Red Hat Enterprise Linux 7compat-libtiff3Out of support scope
Red Hat Enterprise Linux 7libtiffOut of support scope
Red Hat Enterprise Linux 8compat-libtiff3Will not fix
Red Hat Enterprise Linux 8libtiffWill not fix
Red Hat Enterprise Linux 9libtiffFixedRHSA-2024:228930.04.2024

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2215865libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c

EPSS

Процентиль: 40%
0.00183
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVSS3: 6.5
ubuntu
около 2 лет назад

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

CVSS3: 6.5
nvd
около 2 лет назад

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

CVSS3: 6.5
debian
около 2 лет назад

A flaw was found in libtiff. A specially crafted tiff file can lead to ...

CVSS3: 6.5
redos
почти 2 года назад

Уязвимость Libtiff

CVSS3: 7.5
github
около 2 лет назад

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

EPSS

Процентиль: 40%
0.00183
Низкий

6.5 Medium

CVSS3