CVE-2023-25435: Classic Buffer Overflow in Libtiff

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 83.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 21

Description

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (1 package)

NVD: libtiff/libtiff 4.5.0

Patches

🔴 Vulnerability Details (3)

OSV: CVE-2023-25435: libtiff 4 (2023-06-21)
GHSA: GHSA-7693-rm3h-988x: libtiff 4 (2023-06-21)
CVEList: CVE-2023-25435: libtiff 4 (2023-06-21)

📋 Vendor Advisories (3)

Microsoft: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. (2023-06-13)
Red Hat: libtiff: tiffcrop: heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c (2023-01-27)
Debian: CVE-2023-25435: tiff - libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8b... (2023)