Lucene search

[email protected]NVD:CVE-2023-3164

HistoryNov 02, 2023 - 12:15 p.m.

CVE-2023-3164

2023-11-0212:15:09

CWE-787

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-3164

denial of service

crafted tiff file

libtiff

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

Affected configurations

NVD

Node

libtifflibtiffRange<4.6.0

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

References

access.redhat.com/security/cve/CVE-2023-3164

bugzilla.redhat.com/show_bug.cgi?id=2213531

gitlab.com/libtiff/libtiff/-/issues/542

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for NVD:CVE-2023-3164

osv2 openvas4 debiancve1 ubuntucve1 ubuntu1 cve1 prion1 cgr1 cvelist1 veracode1 mageia1 redos1 redhatcve1 nessus8 wolfi1 amazon1 ibm2