CVE-2023-3164 — Classic Buffer Overflow in Libtiff

CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff Redhat Enterprise Linux

Timeline

PublishedNov 2

Latest updateJun 11

Description

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibtiff/libtiff< 4.6.0

Also affects: Enterprise Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

CVEList

Heap-buffer-overflow in extractimagesection()↗2023-11-02

▶

GHSA

GHSA-2x8c-h7r9-r6m6: A heap out-of-bounds read flaw was found in builtin↗2023-11-02

▶

OSV

CVE-2023-3164: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop↗2023-11-02

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerability↗2024-06-11

▶

Microsoft

Heap-buffer-overflow in extractimagesection()↗2023-11-14

▶

Red Hat

libtiff: heap-buffer-overflow in extractImageSection()↗2023-04-03

▶

Debian

CVE-2023-3164: tiff - A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSectio...↗2023

▶