PT-2023-4906 · Libtiff+6

Xiaoxiaoafeifei · Published 2023-04-10 · Updated 2026-03-31 · CVE-2023-1916

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libtiff versions 4.x

Description

A flaw in the extractImageSection function in tools/tiffcrop.c of the libtiff library can cause an out-of-bounds read in memory when a specially crafted TIFF file is processed. This can lead to a denial of service and limited information disclosure.

Recommendations

For libtiff versions 4.x, improved checks have been implemented to address the issue. As a temporary workaround, consider restricting the use of the extractImageSection function in tools/tiffcrop.c until the improved checks are applied. Additionally, avoid processing specially crafted TIFF files with the affected libtiff versions to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2025-7185
ALT-PU-2025-7532
ALT-PU-2025-8255
AZL-26152
BDU:2023-05399
CVE-2023-1916
ECHO-56EF-42C6-64A5
OESA-2024-1663
SUSE-SU-2023:4736-1
SUSE-SU-2023:4869-1
USN-6428-1

Affected Products

Alt Linux
Debian
Linuxmint
Apple Macos
Suse
Ubuntu
Libtiff