An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-52355 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2251326 | Issue Tracking Patch Third Party Advisory |
https://gitlab.com/libtiff/libtiff/-/issues/621 | Exploit Issue Tracking |
Configurations
History
31 Jan 2024, 17:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://gitlab.com/libtiff/libtiff/-/issues/621 - Exploit, Issue Tracking | |
References | () https://access.redhat.com/security/cve/CVE-2023-52355 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2251326 - Issue Tracking, Patch, Third Party Advisory |
25 Jan 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-25 20:15
Updated : 2024-05-17 17:37
NVD link : CVE-2023-52355
Mitre link : CVE-2023-52355
CVE.ORG link : CVE-2023-52355
JSON object : View
Products Affected
libtiff
- libtiff
redhat
- enterprise_linux
CWE
CWE-787
Out-of-bounds Write