Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-52356
HistoryJan 25, 2024 - 12:00 a.m.

CVE-2023-52356

2024-01-2500:00:00
ubuntu.com
ubuntu.com
15
libtiff
remote attacker
heap-buffer overflow
denial of service
cve-2023-52356

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

A segment fault (SEGV) flaw was found in libtiff that could be triggered by
passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw
allows a remote attacker to cause a heap-buffer overflow, leading to a
denial of service.

Bugs

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%