CVE-2023-3164 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
redhat	CNA	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
libtiff	libtiff	𝑥 < 4.6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tiff

bullseye (security)	unimportant
bullseye	unimportant
bookworm	unimportant
bookworm (security)	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

tiff

noble	Fixed 4.5.1+git230720-4ubuntu2.1 released
mantic	Fixed 4.5.1+git230720-1ubuntu1.2 released
lunar	ignored
kinetic	ignored
jammy	Fixed 4.3.0-6ubuntu0.9 released
focal	Fixed 4.1.0+git191117-2ubuntu0.20.04.13 released
bionic	Fixed 4.0.9-5ubuntu0.10+esm6 released
xenial	Fixed 4.0.6-1ubuntu0.8+esm16 released
trusty	Fixed 4.0.3-7ubuntu0.11+esm13 released

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://access.redhat.com/security/cve/CVE-2023-3164

https://bugzilla.redhat.com/show_bug.cgi?id=2213531

https://gitlab.com/libtiff/libtiff/-/issues/542

https://access.redhat.com/security/cve/CVE-2023-3164

https://bugzilla.redhat.com/show_bug.cgi?id=2213531

https://gitlab.com/libtiff/libtiff/-/issues/542