CVE-2023-3618 โ€” Classic Buffer Overflow in Libtiff

CWE-120 โ€” Classic Buffer Overflow23 documents10 sources
Severity
6.5MEDIUMNVD
OSV5.5
EPSS
0.2%
top 55.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LibtiffDebian LinuxRedhat Enterprise Linux
Timeline
PublishedJul 12
Latest updateMar 6

Description

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

โ–ถNVDlibtiff/libtiff< 4.5.1

Also affects: Debian Linux 10.0, Enterprise Linux 8.0, 9.0

๐Ÿ”ดVulnerability Details

4
OSV
tiff vulnerabilitiesโ†—2023-08-15
โ–ถ
CVEList
Segmentation fault in fax3encode in libtiff/tif_fax3.cโ†—2023-07-12
โ–ถ
GHSA
GHSA-jgp5-27vm-42q7: A flaw was found in libtiffโ†—2023-07-12
โ–ถ
OSV
CVE-2023-3618: A flaw was found in libtiffโ†—2023-07-12
โ–ถ

๐Ÿ“‹Vendor Advisories

7
Apple
CVE-2023-3618: macOS Sonoma 14.2โ†—2023-12-11
โ–ถ
Apple
CVE-2023-3618: macOS Monterey 12.7.2โ†—2023-12-11
โ–ถ
Apple
CVE-2023-3618: macOS Ventura 13.6.3โ†—2023-12-11
โ–ถ
Ubuntu
LibTIFF vulnerabilitiesโ†—2023-08-15
โ–ถ
Microsoft
Segmentation fault in fax3encode in libtiff/tif_fax3.cโ†—2023-07-11
โ–ถ

๐Ÿ’ฌCommunity

11
Bugzilla
CVE-2023-52595 kernel: wifi: rt2x00: restart beacon queue when hardware resetโ†—2024-03-06
โ–ถ
Bugzilla
CVE-2023-52598 kernel: s390/ptrace: handle setting of fpc register correctlyโ†—2024-03-06
โ–ถ
Bugzilla
CVE-2023-52594 kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()โ†—2024-03-06
โ–ถ
Bugzilla
CVE-2023-52606 kernel: powerpc/lib: Validate size for vector operationsโ†—2024-03-06
โ–ถ
Bugzilla
CVE-2023-52607 kernel: powerpc/mm: Fix null-pointer dereference in pgtable_cache_addโ†—2024-03-06
โ–ถ
CVE-2023-3618 โ€” Classic Buffer Overflow in Libtiff | cvebase