CVE-2023-0801

2023-02-1300:00:00

ubuntu.com

libtiff 4.4.0

out-of-bounds write

denial-of-service

crafted tiff file

fix available

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

31.6%

JSON

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in
libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and
tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via
a crafted tiff file. For users that compile libtiff from sources, the fix
is available with commit 33aee127.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchtiff< 4.0.9-5ubuntu0.10UNKNOWN
ubuntu20.04noarchtiff< 4.1.0+git191117-2ubuntu0.20.04.8UNKNOWN
ubuntu22.04noarchtiff< 4.3.0-6ubuntu0.4UNKNOWN
ubuntu22.10noarchtiff< 4.4.0-4ubuntu3.3UNKNOWN
ubuntu14.04noarchtiff< 4.0.3-7ubuntu0.11+esm7UNKNOWN
ubuntu16.04noarchtiff< 4.0.6-1ubuntu0.8+esm10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	tiff	< 4.0.9-5ubuntu0.10	UNKNOWN
ubuntu	20.04	noarch	tiff	< 4.1.0+git191117-2ubuntu0.20.04.8	UNKNOWN
ubuntu	22.04	noarch	tiff	< 4.3.0-6ubuntu0.4	UNKNOWN
ubuntu	22.10	noarch	tiff	< 4.4.0-4ubuntu3.3	UNKNOWN
ubuntu	14.04	noarch	tiff	< 4.0.3-7ubuntu0.11+esm7	UNKNOWN
ubuntu	16.04	noarch	tiff	< 4.0.6-1ubuntu0.8+esm10	UNKNOWN