CVE-2023-0797

CVSS v3.1

6.8

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.4.0

Description The issue is related to an out-of-bounds read in the tiffcrop function, specifically in libtiff/tif unix.c:368, which can be invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921. This allows attackers to cause a denial-of-service via a crafted tiff file. The problem is associated with a buffer read beyond its boundaries in memory, potentially leading to a service disruption.

Recommendations For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit afaabc3e. As a temporary workaround, consider restricting the use of the tiffcrop function until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2023:3711

ALT-PU-2025-7185

ALT-PU-2025-7532

ALT-PU-2025-8255

AZL-13393

BDU:2023-05978

CVE-2023-0797

DLA-3333-1

DSA-5361-1

MGASA-2023-0080

OESA-2023-1128

OPENSUSE-SU-2024:12730-1

RHSA-2023:3711

RHSA-2023_3711

RLSA-2023:3711

ROSA-SA-2025-2627

SUSE-SU-2023:2321-1

SUSE-SU-2023:2334-1

USN-5923-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Libtiff

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2023-0797

Weakness Enumeration

Related Identifiers

Affected Products

References · 117