Untriaged
Permalink
CVE-2023-3164
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Heap-buffer-overflow in extractimagesection()
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
References
- https://access.redhat.com/security/cve/CVE-2023-3164 x_refsource_REDHAT vdb-entry
- RHBZ#2213531 issue-tracking x_refsource_REDHAT
- https://gitlab.com/libtiff/libtiff/-/issues/542
- https://gitlab.com/libtiff/libtiff/-/issues/542 x_transferred
- https://access.redhat.com/security/cve/CVE-2023-3164 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2213531 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.com/libtiff/libtiff/-/issues/542
- https://access.redhat.com/security/cve/CVE-2023-3164 x_refsource_REDHAT vdb-entry
- RHBZ#2213531 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2023-3164 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2213531 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.com/libtiff/libtiff/-/issues/542 x_transferred
Affected products
libtiff
mingw-libtiff
compat-libtiff3
Package maintainers
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@nh2 Niklas Hambüchen <mail@nh2.me>
-
@autra Augustin Trancart <augustin.trancart@gmail.com>
-
@willcohen Will Cohen
-
@l0b0 Victor Engmark <victor@engmark.name>
-
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
-
@imincik Ivan Mincik <ivan.mincik@gmail.com>