A flaw was found in tiffcrop a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

🗓️ 17 Apr 2023 07:00:00Reported by MicrosoftType

A flaw in tiffcrop causes out-of-bounds read in extractImageSection, leading to denial of service and limited disclosure in libtiff 4.x.

Reporter	Title	Published	Views	Family All 136
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004 (June 2025)	2 Jul 202507:00	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	3 Jun 202511:35	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for June 2025.	16 Jul 202509:05	–	ibm
ATTACKERKB	CVE-2023-1916	10 Apr 202322:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2025-1212)	15 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : libtiff (EulerOS-SA-2024-2345)	10 Sep 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : libtiff (EulerOS-SA-2024-2353)	10 Sep 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2024-2373)	12 Sep 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2024-2398)	12 Sep 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2024-2423)	12 Sep 202400:00	–	nessus