CVE-2023-52356

Published: Jan 25, 2024

Modified: May 12, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Vendor	Product	Versions
Unknown	libtiff	affected `0 - < 4.6.0`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:4.6.0-6.el10_1.2 - < *`
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	unaffected `0:4.6.0-6.el10_0.2 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:4.0.9-32.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:4.4.0-15.el9 - < *`
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	unaffected `0:4.4.0-13.el9_6.3 - < *`
Red Hat	Red Hat AI Inference Server 3.2	unaffected `3.2.2-1765379088 - < *`
Red Hat	Red Hat AI Inference Server 3.2	unaffected `3.2.2-1765379049 - < *`
Red Hat	Red Hat AI Inference Server 3.2	unaffected `3.2.2-1764871796 - < *`
Red Hat	Red Hat AI Inference Server 3.2	unaffected `1772160593 - < *`
Red Hat	Red Hat AI Inference Server 3.2	unaffected `1772160625 - < *`
Red Hat	Red Hat AI Inference Server 3.2	unaffected `1775740563 - < *`
Red Hat	Red Hat AI Inference Server 3.3	unaffected `1778244546 - < *`
Red Hat	Red Hat AI Inference Server 3.3	unaffected `1775680192 - < *`
Red Hat	Red Hat AI Inference Server 3.3	unaffected `1775680262 - < *`
Red Hat	Red Hat AI Inference Server 3.3	unaffected `1775749857 - < *`
Red Hat	Red Hat Discovery 2	unaffected `2.4.0-1763656152 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions