Lucene search

[email protected]NVD:CVE-2023-40745

HistoryOct 05, 2023 - 7:15 p.m.

CVE-2023-40745

2023-10-0519:15:11

CWE-190

[email protected]

web.nvd.nist.gov

libtiff

integer overflow

remote attackers

denial of service

arbitrary code

crafted tiff image

heap-based buffer overflow

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

libtifflibtiffRange<4.6.0

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

fedoraprojectfedoraMatch-

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

References

access.redhat.com/errata/RHSA-2024:2289

access.redhat.com/security/cve/CVE-2023-40745

bugzilla.redhat.com/show_bug.cgi?id=2235265

security.netapp.com/advisory/ntap-20231110-0005/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for NVD:CVE-2023-40745

ubuntucve1 debiancve1 redhatcve1 veracode1 osv4 cbl_mariner1 prion1 cvelist1 cve1 redos1 mageia1 openvas6 nessus12 debian1 photon3 almalinux1 redhat2 oraclelinux1 ibm1