PT-2023-4911 · Libtiff+9 · Libtiff+9

Wangdw.Augustus@Gmail.Com

Publicado

2023-02-12

Atualizado

2025-06-26

CVE-2023-0801

CVSS v3.1

6.8

Média

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions libtiff version 4.4.0

Description The issue is related to an out-of-bounds write in the tiffcrop utility of the libtiff library, specifically in the files libtiff/tif unix.c:368, tools/tiffcrop.c:2903, and tools/tiffcrop.c:6778. This can be exploited by attackers to cause a denial-of-service via a crafted tiff file.

Recommendations For version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 33aee127. As a temporary workaround, consider restricting the use of the tiffcrop utility until the issue is resolved.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2023:3711

ALSA-2023:5353

ALT-PU-2025-7185

ALT-PU-2025-7532

ALT-PU-2025-8255

AZL-13392

BDU:2023-05404

CESA-2023_5353

CVE-2023-0801

DLA-3333-1

DSA-5361-1

MGASA-2023-0080

OESA-2023-1128

OPENSUSE-SU-2024:12730-1

RHSA-2023:3711

RHSA-2023:5353

RHSA-2023_3711

RHSA-2023_5353

RLSA-2023:3711

RLSA-2023:5353

ROSA-SA-2025-2627

SUSE-SU-2023:2321-1

SUSE-SU-2023:2334-1

USN-5923-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libtiff

PT-2023-4911 · Libtiff+9 · Libtiff+9

CVE-2023-0801

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 127