CVE-2023-0798

Name
CVE-2023-0798
Description
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json
MISC https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
MISC https://gitlab.com/libtiff/libtiff/-/issues/492
MLIST https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
DEBIAN https://www.debian.org/security/2023/dsa-5361
CONFIRM https://security.netapp.com/advisory/ntap-20230316-0003/
GENTOO https://security.gentoo.org/glsa/202305-31

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* libtiff >= None <= 4.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status