CVE-2023-6228 : An issue was found in the tiffcp utility distributed by the libtiff package wher

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

Published 2023-12-18 14:15:12

Updated 2024-10-11 16:15:05

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2023-6228

Libtiff » Libtiff » Version: N/A
cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 6.0
When used together with: Redhat » Enterprise Linux » Version: 7.0
When used together with: Redhat » Enterprise Linux » Version: 8.0
When used together with: Redhat » Enterprise Linux » Version: 9.0

Exploit prediction scoring system (EPSS) score for CVE-2023-6228

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 2 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6228

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	1.8	1.4	Red Hat, Inc.	2024-10-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2023-6228

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: secalert@redhat.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2023-6228

https://access.redhat.com/errata/RHSA-2024:5079

RHSA-2024:5079 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:2289

RHSA-2024:2289 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/security/cve/CVE-2023-6228

CVE-2023-6228- Red Hat Customer Portal
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2240995

2240995 – (CVE-2023-6228) CVE-2023-6228 libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c
Issue Tracking;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-6228

Products affected by CVE-2023-6228

Exploit prediction scoring system (EPSS) score for CVE-2023-6228

CVSS scores for CVE-2023-6228

CWE ids for CVE-2023-6228

References for CVE-2023-6228