CVE-2023-6228
Published: 2023-12-18
Priority: P4 · 18 · medium · CVSS 3.1 base score 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.40% (31.9th percentile)
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file, on processing, may cause a heap-based buffer overflow that leads to an application crash.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.7.0-1 (forky) | tiff 4.7.0-1 (forky) |
| msrc | azl3_libtiff_4.6.0-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libtiff_4.6.0-6_on_cbl_mariner_2.0 | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | 7.5 | HIGH | |
| vendor_ubuntu | 7.5 | HIGH | |
| vendor_debian | 3.3 | LOW | |
| vendor_msrc | 3.3 | LOW | |
| vendor_redhat | 3.3 | LOW | |
The 7.5/HIGH figures from OSV and Ubuntu are carried over from Ubuntu advisories that bundle this CVE with CVE-2023-52356 and other LibTIFF issues, so they are not a per-CVE assessment. NVD's vector (local attack, user interaction required, availability impact only) and the LOW ratings from Debian, Microsoft and Red Hat describe this bug on its own: a crash of the tiffcp command-line tool when it processes a crafted file.
Ubuntu: LibTIFF vulnerabilities
vendor_ubuntu · 2024-02-27 · CVSS 7.5 · CVE-2023-52356 [HIGH]
Summary: Several security issues were fixed in LibTIFF.
USN-6644-1 fixed vulnerabilities in LibTIFF.
This update provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service. (CVE-2023-52356)
It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-6228)
It was discovered that LibTI
Ubuntu: LibTIFF vulnerabilities
vendor_ubuntu · 2024-02-19 · CVSS 7.5 · CVE-2023-6228 [HIGH]
Summary: Several security issues were fixed in LibTIFF.
(Advisory text for CVE-2023-52356 and CVE-2023-6228 as quoted under "Original advisory details" in the 2024-02-27 entry above; the advisory continues:)
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue t
Microsoft: Libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c
vendor_msrc · 2023-12-12 · CVSS 3.3 · CVE-2023-6228 [LOW] · CWE-787
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Refer
Red Hat: libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c
vendor_redhat · 2023-09-07 · CVSS 3.3 · CVE-2023-6228 [LOW] · CWE-787
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file, on processing, may cause a heap-based buffer overflow that leads to an application crash.
Statement: Red Hat has determined that this vulnerability has a low severity due to the fact that a potential crash in an application using the vulnerable tiffcp utility will most likely lead to temporary disruptions in availability; there are no indications that this vulnerability will lead to long-term or persistent downtime resulting from a crash.
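As an added illustration of the bug class named in this entry (this is not code from libtiff, tiffcp or any of the advisories on this page), the C model below mirrors the copy pattern of a strip-to-tile routine: row count, row width and per-row skews that originate in file tags drive a loop that writes into a heap-allocated tile buffer, and a hardened variant proves the whole span fits in both buffers before copying. The function names, the geometry values and the sample strip bytes are constructed for the example; the real cpStripToTile() and the buffer sizing in its caller are not reproduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of a strip-to-tile copy (illustration only, not libtiff's code).
 * tiffcp copies `rows` rows of `cols` bytes from a strip buffer into a tile
 * buffer, advancing each pointer by an extra skew after every row.  rows,
 * cols and the skews come from tags in the input file, so a crafted file can
 * describe a copy that does not fit in either buffer. */

/* Vulnerable pattern: trusts the file-derived geometry completely. */
static void strip_to_tile_unchecked(uint8_t *out, const uint8_t *in,
                                    uint32_t rows, uint32_t cols,
                                    size_t outskew, size_t inskew)
{
    while (rows-- > 0) {
        memcpy(out, in, cols);          /* overruns `out` if rows/cols lie */
        out += (size_t)cols + outskew;
        in  += (size_t)cols + inskew;
    }
}

/* Bytes the loop touches in a buffer with row stride cols + skew:
 * (rows - 1) full strides plus the last row's cols bytes.
 * Returns 0 and stores the size in *needed, or -1 on size_t overflow. */
static int span_needed(uint32_t rows, uint32_t cols, size_t skew, size_t *needed)
{
    size_t stride, full_rows;

    if (rows == 0) { *needed = 0; return 0; }
    if (skew > SIZE_MAX - cols) return -1;
    stride = (size_t)cols + skew;
    full_rows = (size_t)rows - 1;
    if (stride != 0 && full_rows > (SIZE_MAX - cols) / stride) return -1;
    *needed = full_rows * stride + cols;
    return 0;
}

/* Hardened pattern: prove the whole span lies inside both buffers before the
 * first byte moves.  Returns 0 on success, -1 if the geometry does not fit. */
int strip_to_tile_checked(uint8_t *out, size_t outlen,
                          const uint8_t *in, size_t inlen,
                          uint32_t rows, uint32_t cols,
                          size_t outskew, size_t inskew)
{
    size_t need_out, need_in;

    if (span_needed(rows, cols, outskew, &need_out) != 0 || need_out > outlen)
        return -1;
    if (span_needed(rows, cols, inskew, &need_in) != 0 || need_in > inlen)
        return -1;
    strip_to_tile_unchecked(out, in, rows, cols, outskew, inskew);
    return 0;
}

/* Honest geometry on constructed data: a 2x8 strip holding 0..15, copied
 * 4 bytes per row into a 2x4 tile on the heap (input skew 4 skips the right
 * half of each strip row).  Returns 1 if the expected bytes land, else 0. */
int demo_honest(void)
{
    uint8_t strip[16], *tile = malloc(8);
    int ok = 0;

    for (int i = 0; i < 16; i++) strip[i] = (uint8_t)i;
    if (tile == NULL) return 0;
    memset(tile, 0xAA, 8);
    if (strip_to_tile_checked(tile, 8, strip, sizeof strip, 2, 4, 0, 4) == 0)
        ok = tile[0] == 0 && tile[3] == 3 && tile[4] == 8 && tile[7] == 11;
    free(tile);
    return ok;
}

/* Crafted geometry: the "file" claims 4 rows but the tile holds only 2.  The
 * unchecked copy would write 8 bytes past the 8-byte heap block; the checked
 * copy must return -1 without touching it. */
int demo_crafted(void)
{
    uint8_t strip[16], *tile = malloc(8);
    int rc;

    for (int i = 0; i < 16; i++) strip[i] = (uint8_t)i;
    if (tile == NULL) return 0;
    rc = strip_to_tile_checked(tile, 8, strip, sizeof strip, 4, 4, 0, 4);
    free(tile);
    return rc;
}

int main(void)
{
    printf("honest geometry:  %s\n", demo_honest() ? "copied" : "FAILED");
    printf("crafted geometry: %s\n", demo_crafted() == -1 ? "rejected" : "NOT rejected");
    return 0;
}
```

Build it with `cc -Wall -fsanitize=address model.c` to have a sanitizer on hand: calling strip_to_tile_unchecked() directly with the crafted geometry (4 rows into the 8-byte heap block) is the heap-buffer-overflow the advisories above describe, and AddressSanitizer reports it as a write past the malloc'd block. The checked variant never reaches that write because the span computation, including its own size_t overflow guard, runs first.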
Debian: tiff
vendor_debian · 2023 · CVSS 3.3 · CVE-2023-6228 [LOW]
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file, on processing, may cause a heap-based buffer overflow that leads to an application crash.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.7.0-1)
sid: resolved (fixed in 4.7.0-1)
trixie: resolved (fixed in 4.7.0-1)
OSV: tiff vulnerabilities
osv · 2024-02-27 · CVSS 7.5 · CVE-2023-52356 [HIGH]
(Mirrors the text of the Ubuntu 2024-02-27 entry above.)
OSV: tiff vulnerabilities
osv · 2024-02-19 · CVSS 7.5 · CVE-2023-52356 [HIGH]
(Mirrors the text of the Ubuntu 2024-02-19 entry above, which continues:)
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to consume
resources, resulting in a denial
GHSA: GHSA-4v5g-xjvw-59g6
ghsa_unreviewed · 2023-12-28 · CVE-2023-6228 [MEDIUM] · CWE-400
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file, on processing, may cause a heap-based buffer overflow that leads to an application crash.
Note that this entry tags CWE-400 (uncontrolled resource consumption), whereas the Microsoft and Red Hat entries classify the bug as CWE-787 (out-of-bounds write), which is the classification that matches a heap-based buffer overflow.
OSV: CVE-2023-6228
osv · 2023-12-18 · CVSS 5.5 · CVE-2023-6228 [MEDIUM]
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file, on processing, may cause a heap-based buffer overflow that leads to an application crash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://access.redhat.com/errata/RHSA-2024:2289
https://access.redhat.com/errata/RHSA-2024:5079
https://access.redhat.com/security/cve/CVE-2023-6228
https://bugzilla.redhat.com/show_bug.cgi?id=2240995