CVE-2023-0802

Name
CVE-2023-0802
Description
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json
MISC https://gitlab.com/libtiff/libtiff/-/issues/500
MISC https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
MLIST https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
DEBIAN https://www.debian.org/security/2023/dsa-5361
CONFIRM https://security.netapp.com/advisory/ntap-20230316-0002/
GENTOO https://security.gentoo.org/glsa/202305-31

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* libtiff >= None <= 4.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status