CVE-2023-30086Out-of-bounds Write in Libtiff

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 76.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libtiff
Timeline
PublishedMay 9
Latest updateMay 10

Description

Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDlibtiff/libtiff4.0.7

🔴Vulnerability Details

3
OSV
CVE-2023-30086: Buffer Overflow vulnerability found in Libtiff V2023-05-09
CVEList
CVE-2023-30086: Buffer Overflow vulnerability found in Libtiff V2023-05-09
GHSA
GHSA-9489-j7g7-5xg4: Buffer Overflow vulnerability found in Libtiff V2023-05-09

📋Vendor Advisories

2
Red Hat
libtiff: Heap buffer overflow in tiffcp() at tiffcp.c2023-05-10
Debian
CVE-2023-30086: tiff - Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker t...2023