PT-2023-4906 · Libtiff+6

Xiaoxiaoafeifei · Published 2023-04-10 · Updated 2026-03-31 · CVE-2023-1916

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libtiff versions 4.x

Description

A flaw in the extractImageSection function in tools/tiffcrop.c, part of libtiff, can cause an out-of-bounds memory read. Processing a specially crafted TIFF file can lead to a denial of service and limited information disclosure.

Recommendations

For libtiff versions 4.x, improved checks have been implemented to address the issue. As a temporary workaround, consider restricting the use of the extractImageSection function in tools/tiffcrop.c until the improved checks are applied. Additionally, avoid processing specially crafted TIFF files with the affected libtiff versions to minimize the risk of exploitation.

Exploit

Fix

DoS

Out-of-bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2025-7185
ALT-PU-2025-7532
ALT-PU-2025-8255
AZL-26152
BDU:2023-05399
CVE-2023-1916
ECHO-56EF-42C6-64A5
OESA-2024-1663
SUSE-SU-2023:4736-1
SUSE-SU-2023:4869-1
USN-6428-1

Affected Products

ALT Linux
Debian
Linux Mint
Apple macOS
SUSE
Ubuntu
Libtiff