CVE-2023-2908 — NULL Pointer Dereference in Libtiff

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff

Timeline

PublishedJun 30

Latest updateAug 15

Description

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibtiff/libtiff4.5.0

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2023-08-15

▶

GHSA

GHSA-7278-8hvx-pp94: A null pointer dereference issue was discovered in Libtiff's tif_dir↗2023-07-01

▶

OSV

CVE-2023-2908: A null pointer dereference issue was found in Libtiff's tif_dir↗2023-06-30

▶

CVEList

Libtiff: null pointer dereference in tif_dir.c↗2023-06-30

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2023-08-15

▶

Red Hat

libtiff: null pointer dereference in tif_dir.c↗2023-06-30

▶

Microsoft

Libtiff: null pointer dereference in tif_dir.c↗2023-06-13

▶

Debian

CVE-2023-2908: tiff - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This iss...↗2023

▶