CVE-2023-1916

ADVISORY - nist

Summary

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

EPSS Score⁠: 0.00017 (0.024)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-125⁠

Out-of-bounds Read

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-125⁠

Out-of-bounds Read

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-125⁠

Out-of-bounds Read

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

9 months ago

ADVISORY IDCVE-2023-1916⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1medium

Debian

CREATED

2 years ago

UPDATED

19 days ago

ADVISORY IDCVE-2023-1916⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

2 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2023-1916⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.1low

GitLab

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2023-1916

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-125⁠CWE-937⁠

CVSS SCORE

6.1medium

Red Hat

CREATED

2 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2023-1916⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1low

intheWild

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY IDCVE-2023-1916⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY