CVE-2023-52356: Heap-based Buffer Overflow in Red Hat Enterprise Linux

Severity: 7.5 HIGH (NVD)
EPSS: 0.7% (top 27.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 25
Latest update: Jul 29

Description

A segmentation fault (SEGV) flaw was found in libtiff that can be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap buffer overflow, leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 0 packages

Also affects: Enterprise Linux 8.0, 9.0

Patches

🔴 Vulnerability Details (5)

OSV: tiff vulnerabilities (2024-02-27)
OSV: tiff vulnerabilities (2024-02-19)
GHSA: GHSA-cx8g-4cf5-cjv3: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API (2024-01-25)
OSV: CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API (2024-01-25)
CVEList: Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service (2024-01-25)

📋 Vendor Advisories (13)

Apple: CVE-2023-52356: visionOS 1.3 (2024-07-29)
Apple: CVE-2023-52356: macOS Sonoma 14.6 (2024-07-29)
Apple: CVE-2023-52356: macOS Ventura 13.6.8 (2024-07-29)
Apple: CVE-2023-52356: macOS Monterey 12.7.6 (2024-07-29)
Apple: CVE-2023-52356: iOS 16.7.9 and iPadOS 16.7.9 (2024-07-29)

💬 Community (1)

Bugzilla: CVE-2023-52356 libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (2023-11-24)