CVE-2023-1916
published 2023-04-10

Priority: P421, medium, 6.1 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
EPSS: 0.39% (30.7th percentile)

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted TIFF file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_monterey | | |
| apple | macos_ventura | | |
| debian | tiff | < tiff 4.7.0-1 (forky) | tiff 4.7.0-1 (forky) |
| libtiff | libtiff | | |
| libtiff | libtiff | 4.0 – 4.5.0 | |
| msrc | cbl2_libtiff_4.5.1-1_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| msrc | cm1_libtiff_4.5.1-1_on_cbl_mariner_1.0 | | |

CVSS provenance

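| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | LOW | |
| vendor_msrc | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |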