Lucene search

K

[email protected]NVD:CVE-2023-2731

HistoryMay 17, 2023 - 10:15 p.m.

CVE-2023-2731

2023-05-1722:15:11

CWE-476

[email protected]

web.nvd.nist.gov

libtiff

lzwdecode

local attacker

program crash

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

A NULL pointer dereference flaw was found in Libtiff’s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Affected configurations

NVD

Node

libtifflibtiffRange<4.5.0

Node

fedoraprojectfedoraMatch38

OR

redhatenterprise_linuxMatch9.0

References

access.redhat.com/security/cve/CVE-2023-2731

bugzilla.redhat.com/show_bug.cgi?id=2207635

github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b

gitlab.com/libtiff/libtiff/-/issues/548

security.netapp.com/advisory/ntap-20230703-0009/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

Related for NVD:CVE-2023-2731

nessus12 openvas7 ubuntucve1 rosalinux1 cnvd1 cve1 redhatcve1 cbl_mariner2 veracode1 prion1 osv3 debiancve1 cvelist1 redos1 almalinux1 redhat3 oraclelinux1 photon3 ubuntu1 ibm1 hp1