CVE-2023-6228 — Out-of-bounds Write in Tiff

CWE-787 — Out-of-bounds Write CWE-400 — Uncontrolled Resource Consumption10 documents7 sources

Severity

5.5MEDIUMNVD

OSV7.5

EPSS

0.0%

top 96.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Msrc Azl3 Libtiff 4.6.0-6 ON Azure Linux 3.0 Msrc Cbl2 Libtiff 4.6.0-6 ON CBL Mariner 2.0

Timeline

PublishedDec 18

Latest updateFeb 27

Description

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶msrcmsrc/azl3_libtiff_4.6.0-6_on_azure_linux_3.0

▶msrcmsrc/cbl2_libtiff_4.6.0-6_on_cbl_mariner_2.0

▶debiandebian/tiff< tiff 4.7.0-1 (forky)

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2024-02-27

▶

OSV

tiff vulnerabilities↗2024-02-19

▶

GHSA

GHSA-4v5g-xjvw-59g6: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer over↗2023-12-28

▶

OSV

CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer over↗2023-12-18

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2024-02-27

▶

Ubuntu

LibTIFF vulnerabilities↗2024-02-19

▶

Microsoft

Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c↗2023-12-12

▶

Red Hat

libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c↗2023-09-07

▶

Debian

CVE-2023-6228: tiff - An issue was found in the tiffcp utility distributed by the libtiff package wher...↗2023

▶