A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/tiff | deb | debian | 12 | >=4.5.0-6+deb12u1 | Not yet available |
| debian/tiff | deb | debian | unstable | >=4.5.1+git230720-4 | Not yet available |
| debian/tiff | deb | debian | 13 | >=4.5.1+git230720-4 | Not yet available |
| debian/tiff | deb | debian | 11 | >=4.2.0-1+deb11u5 | Not yet available |
| debian/tiff | deb | debian | 10 | >=4.1.0+git191117-2~deb10u4 | Not yet available |
Severity and metrics
No CVSS data available from this source.
1.8
-
-
1.8
CVE-2023-3164
-
CVE-2023-3164
-