Vulnerability Details : CVE-2023-1916
Potential exploit
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Vulnerability category: Denial of serviceInformation leak
Products affected by CVE-2023-1916
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-1916
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 2 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-1916
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.1
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
1.8
|
4.2
|
NIST |
CWE ids for CVE-2023-1916
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-1916
-
https://gitlab.com/libtiff/libtiff/-/issues/536
tiffcrop: heap-buffer-overflow in file tiffcrop.c, line 7847 (#536) · Issues · libtiff / libtiff · GitLabExploit;Issue Tracking
-
https://support.apple.com/kb/HT213844
About the security content of macOS Monterey 12.6.8 - Apple Support
-
https://gitlab.com/libtiff/libtiff/-/issues/536%2C
Just a moment...
-
https://gitlab.com/libtiff/libtiff/-/issues/537
tiffcrop: heap-buffer-overflow in file tiffcrop.c, line 7874 (#537) · Issues · libtiff / libtiff · GitLabExploit;Issue Tracking
-
https://gitlab.com/libtiff/libtiff/-/issues/536,
Checking your Browser - GitLabPermissions Required
Jump to