CVE-2023-0797

Name
CVE-2023-0797
Description
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
MISC https://gitlab.com/libtiff/libtiff/-/issues/495
CONFIRM https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json
MLIST https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
DEBIAN https://www.debian.org/security/2023/dsa-5361
GENTOO https://security.gentoo.org/glsa/202305-31

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* libtiff >= None <= 4.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status