CVE-2023-25433
Summary
| CVE | CVE-2023-25433 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-29 20:15:00 UTC |
| Updated | 2023-08-01 02:15:00 UTC |
| Description | libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes heap-buffer-overflow and SEGV. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| tiffcrop correctly update buffersize after rotateImage() fix#520 (!467) · Merge requests · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| heap-buffer-overflow in processCropSelections() at /libtiff/tools/tiffcrop.c:8499 (SIGSEGV) (#520) · Issues · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| [SECURITY] [DLA 3513-1] tiff security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199523 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6229-1)
- 199657 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6290-1)
- 356415 Amazon Linux Security Advisory for libtiff : ALAS2-2023-2274
- 6000095 Debian Security Update for tiff (DLA 3513-1)
- 673434 EulerOS Security Update for libtiff (EulerOS-SA-2023-2861)
- 673960 EulerOS Security Update for libtiff (EulerOS-SA-2023-2844)
- 755233 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4371-1)
- 755234 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4370-1)
- 907077 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27289-1)
- 907079 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27301-1)