Ubuntu.comUB:CVE-2023-52355CVE-2023-52355
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.0%
An out-of-memory flaw was found in libtiff that could be triggered by
passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This
flaw allows a remote attacker to cause a denial of service via a crafted
input with a size smaller than 379 KB.
Bugs
- <https://gitlab.com/libtiff/libtiff/-/issues/621>
- <https://bugzilla.redhat.com/show_bug.cgi?id=2251326>
Notes
| Author | Note |
|---|---|
| Priority reason: The fix for this issue is in the documentation for applications to ensure they properly limit memory usage. | |
| sbeattie | texmaker added an embedded copy of libtiff in bionic |
| rodrigo-zaiden | fix in documentation only, marking all Ubuntu releases as ignored, as the fix in Documentation won’t be of any usage in backports. if that is not the case, I’ll be happy to move it back to an active status. |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.0%