Lucene search
Ubuntu.comUB:CVE-2023-2908HistoryJun 30, 2023 - 12:00 a.m.
CVE-2023-2908
2023-06-3000:00:00
ubuntu.com
ubuntu.com
6
libtiff
tif_dir.c
denial of service
crafted tiff image
runtime error
application crash
bugzilla.redhat.com
cve-2023-2908
unix
0.0005 Low
EPSS
Percentile
16.1%
A null pointer dereference issue was found in Libtiff’s tif_dir.c file.
This issue may allow an attacker to pass a crafted TIFF image file to the
tiffcp utility which triggers a runtime error that causes undefined
behavior. This will result in an application crash, eventually leading to a
denial of service.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | tiff | < 4.0.9-5ubuntu0.10+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 20.04 | noarch | tiff | < 4.1.0+git191117-2ubuntu0.20.04.9 | UNKNOWN |
| ubuntu | 22.04 | noarch | tiff | < 4.3.0-6ubuntu0.5 | UNKNOWN |
| ubuntu | 23.04 | noarch | tiff | < 4.5.0-5ubuntu1.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | tiff | < 4.0.3-7ubuntu0.11+esm9) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 16.04 | noarch | tiff | < 4.0.6-1ubuntu0.8+esm12) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
References
access.redhat.com/security/cve/CVE-2023-2908
gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
gitlab.com/libtiff/libtiff/-/merge_requests/479
launchpad.net/bugs/cve/CVE-2023-2908
nvd.nist.gov/vuln/detail/CVE-2023-2908
security-tracker.debian.org/tracker/CVE-2023-2908
ubuntu.com/security/notices/USN-6290-1
www.cve.org/CVERecord?id=CVE-2023-2908
Related
cve
cve
CVE-2023-2908
2023-06-30 22:15:10
debiancve
debiancve
CVE-2023-2908
2023-06-30 22:15:10
redhatcve
redhatcve
CVE-2023-2908
2023-06-30 08:17:32
osv
osv
CVE-2023-2908
2023-06-30 22:15:10
tiff - security update
2023-07-31 00:00:00
tiff vulnerabilities
2023-08-15 21:02:25
prion
prion
Null pointer dereference
2023-06-30 22:15:00
cbl_mariner
cbl_mariner
CVE-2023-2908 affecting package libtiff for versions less than 4.5.1-1
2023-08-03 02:51:21
CVE-2023-2908 affecting package libtiff 4.5.0-3
2023-07-28 23:16:55
cvelist
cvelist
CVE-2023-2908 Libtiff: null pointer dereference in tif_dir.c
2023-06-30 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-3401)
2023-12-14 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-3101)
2023-11-01 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2918)
2023-10-10 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.6 : libtiff (EulerOS-SA-2023-3401)
2024-01-16 00:00:00
EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2023-2900)
2024-01-16 00:00:00
EulerOS Virtualization 2.10.1 : libtiff (EulerOS-SA-2023-2918)
2024-01-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0610
2023-07-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0044
2023-07-05 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2023-09-11 16:07:54
debian
debian
[SECURITY] [DLA 3513-1] tiff security update
2023-07-31 23:56:45
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-08-15 00:00:00
ibm
ibm
hp
hp
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00