Lucene search

K

Redhat.comRH:CVE-2023-0797

HistoryFeb 15, 2023 - 7:30 p.m.

CVE-2023-0797

2023-02-1519:30:08

redhat.com

access.redhat.com

12

tiffcrop

out-of-bounds read

dos

libtiff package

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.0004 Low

EPSS

Percentile

14.1%

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.

References

bugzilla.redhat.com/show_bug.cgi?id=2170151

nvd.nist.gov/vuln/detail/CVE-2023-0797

www.cve.org/CVERecord?id=CVE-2023-0797

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.0004 Low

EPSS

Percentile

14.1%

Related for RH:CVE-2023-0797

cbl_mariner2 cvelist1 nessus34 cnvd1 ubuntucve1 veracode1 prion1 osv6 nvd1 debiancve1 cve1 alpinelinux1 amazon3 openvas21 mageia1 debian2 cloudfoundry1 oraclelinux1 rocky1 ubuntu1 redhat1 almalinux1 gentoo1 photon3