Lucene search

K

GoogleOSV:CVE-2023-0796

HistoryFeb 13, 2023 - 11:15 p.m.

CVE-2023-0796

2023-02-1323:15:11

Google

osv.dev

12

libtiff

out-of-bounds read

denial-of-service

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.0005 Low

EPSS

Percentile

17.6%

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CPENameOperatorVersion
libtiffeq4.3.0
libtiffeq4.0.0
tiffeq4.0.2-r0
tiffeq4.0.9-r1
libtiffeq3.6.1
libtiffeq3.5.4
libtiffeq4.0.3
tiffeq4.3.0-r0
tiffeq4.0.2-r1
tiffeq4.1.0-r0

Rows per page:

1-10 of 951

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json

gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

gitlab.com/libtiff/libtiff/-/issues/499

lists.debian.org/debian-lts-announce/2023/02/msg00026.html

security.gentoo.org/glsa/202305-31

security.netapp.com/advisory/ntap-20230316-0003/

www.debian.org/security/2023/dsa-5361

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.0005 Low

EPSS

Percentile

17.6%

Related for OSV:CVE-2023-0796

veracode1 cbl_mariner2 redhatcve1 alpinelinux1 nessus34 cvelist1 ubuntucve1 prion1 cve1 debiancve1 nvd1 amazon3 openvas21 osv5 mageia1 debian2 cloudfoundry1 ubuntu1 oraclelinux1 rocky1 redhat1 almalinux1 gentoo1 photon3