PT-2023-5350 · Libtiff+8 · Libtiff+8

Wangdw.Augustus@Gmail.Com

Publicado

2023-02-13

Atualizado

2025-06-26

CVE-2023-0797

CVSS v3.1

6.8

Média

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.4.0

Description The issue is related to an out-of-bounds read in the tiffcrop function, specifically in libtiff/tif unix.c:368, which can be invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921. This allows attackers to cause a denial-of-service via a crafted tiff file. The problem is associated with a buffer read beyond its boundaries in memory, potentially leading to a service disruption.

Recommendations For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit afaabc3e. As a temporary workaround, consider restricting the use of the tiffcrop function until a patch is available.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2023:3711

ALT-PU-2025-7185

ALT-PU-2025-7532

ALT-PU-2025-8255

AZL-13393

BDU:2023-05978

CVE-2023-0797

DLA-3333-1

DSA-5361-1

MGASA-2023-0080

OESA-2023-1128

OPENSUSE-SU-2024:12730-1

RHSA-2023:3711

RHSA-2023_3711

RLSA-2023:3711

ROSA-SA-2025-2627

SUSE-SU-2023:2321-1

SUSE-SU-2023:2334-1

USN-5923-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Libtiff

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2023-5350 · Libtiff+8 · Libtiff+8

CVE-2023-0797

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 117