CVE-2023-0802
Summary
| CVE | CVE-2023-0802 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-13 23:15:00 UTC |
| Updated | 2023-05-30 06:16:00 UTC |
| Description | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-5361-1 tiff | DEBIAN | www.debian.org | |
| [SECURITY] [DLA 3333-1] tiff security update | MLIST | lists.debian.org | |
| 2023/CVE-2023-0802.json · master · GitLab.org / cves · GitLab | CONFIRM | gitlab.com | |
| LibTIFF: Multiple Vulnerabilities (GLSA 202305-31) — Gentoo security | GENTOO | security.gentoo.org | |
| Merge branch 'tiffcrop_composite_image_assumption_test_fix#496' into 'master' (33aee127) · Commits · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| tiffcrop: heap-buffer-overflow in extractContigSamplesShifted32bits, tiffcrop.c:3724 (#500) · Issues · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| February 2023 LibTIFF Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: [email protected]
Legacy QID Mappings
- 160748 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-3711)
- 160944 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-5353)
- 181600 Debian Security Update for tiff (DLA 3333-1)
- 181682 Debian Security Update for tiff (DSA 5361-1)
- 182414 Debian Security Update for tiff (CVE-2023-0802)
- 199216 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-5923-1)
- 241737 Red Hat Update for libtiff (RHSA-2023:3711)
- 242083 Red Hat Update for libtiff (RHSA-2023:5353)
- 356161 Amazon Linux Security Advisory for libtiff : ALAS-2023-1829
- 502796 Alpine Linux Security Update for tiff
- 503026 Alpine Linux Security Update for tiff
- 503134 Alpine Linux Security Update for tiff
- 503693 Alpine Linux Security Update for tiff
- 505947 Alpine Linux Security Update for tiff
- 672867 EulerOS Security Update for libtiff (EulerOS-SA-2023-1599)
- 672968 EulerOS Security Update for libtiff (EulerOS-SA-2023-1874)
- 672998 EulerOS Security Update for libtiff (EulerOS-SA-2023-1849)
- 673036 EulerOS Security Update for libtiff (EulerOS-SA-2023-1957)
- 673055 EulerOS Security Update for libtiff (EulerOS-SA-2023-1979)
- 673076 EulerOS Security Update for libtiff (EulerOS-SA-2023-2157)
- 673143 EulerOS Security Update for libtiff (EulerOS-SA-2023-2298)
- 673160 EulerOS Security Update for libtiff (EulerOS-SA-2023-2274)
- 710734 Gentoo Linux LibTIFF Multiple Vulnerabilities (GLSA 202305-31)
- 754055 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:2321-1)
- 754062 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:2334-1)
- 905496 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13378)
- 905519 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13395)
- 906485 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13395-1)
- 906521 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13395-2)
- 906556 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13378-1)
- 906566 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13378-3)
- 906685 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (13395-4)
- 941151 AlmaLinux Security Update for libtiff (ALSA-2023:3711)
- 941272 AlmaLinux Security Update for libtiff (ALSA-2023:5353)
- 961026 Rocky Linux Security Update for libtiff (RLSA-2023:5353)