Lucene search

K

GoogleOSV:CVE-2023-0801

HistoryFeb 13, 2023 - 11:15 p.m.

CVE-2023-0801

2023-02-1323:15:12

Google

osv.dev

14

libtiff 4.4.0

out-of-bounds write

tiffcrop

denial-of-service

crafted tiff file

sources

commit 33aee127

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

31.6%

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json

gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

gitlab.com/libtiff/libtiff/-/issues/498

lists.debian.org/debian-lts-announce/2023/02/msg00026.html

security.alpinelinux.org/vuln/CVE-2023-0801

security.gentoo.org/glsa/202305-31

security.netapp.com/advisory/ntap-20230316-0002/

www.debian.org/security/2023/dsa-5361

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

31.6%

Related for OSV:CVE-2023-0801