CVE-2023-1916

EUVD-2023-24104
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
4.0 ≤
𝑥
≤ 4.5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
bionic
Fixed 4.0.9-5ubuntu0.10+esm3
released
focal
Fixed 4.1.0+git191117-2ubuntu0.20.04.10
released
jammy
Fixed 4.3.0-6ubuntu0.6
released
kinetic
ignored
lunar
Fixed 4.5.0-5ubuntu1.2
released
mantic
ignored
noble
Fixed 4.5.1+git230720-4ubuntu1
released
trusty
Fixed 4.0.3-7ubuntu0.11+esm10
released
xenial
Fixed 4.0.6-1ubuntu0.8+esm13
released
Common Weakness Enumeration
References
https://gitlab.com/libtiff/libtiff/-/issues/536%2C
https://gitlab.com/libtiff/libtiff/-/issues/537
https://support.apple.com/kb/HT213844
https://gitlab.com/libtiff/libtiff/-/issues/536
https://gitlab.com/libtiff/libtiff/-/issues/536%2C
https://gitlab.com/libtiff/libtiff/-/issues/537
https://support.apple.com/kb/HT213844