CVE-2023-3576
04.10.2023, 19:15
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libtiff | libtiff | 𝑥 < 4.5.1 |
| fedoraproject | fedora | - |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libtiff-devel |
| ||||||||||||||||||||||||||||||
| libtiff5 |
| ||||||||||||||||||||||||||||||
| libtiff5-32bit |
| ||||||||||||||||||||||||||||||
| tiff |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-401 - Missing Release of Memory after Effective LifetimeThe software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
References