Lucene search

Redhat.comRH:CVE-2023-6228

HistoryNov 21, 2023 - 5:50 a.m.

CVE-2023-6228

2023-11-2105:50:40

redhat.com

access.redhat.com

cve-2023-6228

tiffcp

libtiff

heap-based buffer overflow

application crash

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

References

bugzilla.redhat.com/show_bug.cgi?id=2240995

nvd.nist.gov/vuln/detail/CVE-2023-6228

www.cve.org/CVERecord?id=CVE-2023-6228

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

Related for RH:CVE-2023-6228