QwikSec

Security Database

CVE

CWE

Training

CVE-2023-0797

Published: Feb 13, 2023

Modified: Mar 21, 2025

PUBLISHED

CVSS v3.1

6.8

MEDIUM

Description

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

Vendor	Product	Versions
libtiff	libtiff	affected `<=4.4.0`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

References

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

https://gitlab.com/libtiff/libtiff/-/issues/495

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json

[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update

mailing-list

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.