CVE-2023-26965
Summary
| CVE | CVE-2023-26965 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-14 21:15:00 UTC |
| Updated | 2023-08-01 02:15:00 UTC |
| Description | loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. |
Risk And Classification
Problem Types: CWE-787
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 403 Forbidden | CONFIRM | security.netapp.com | |
| tiffcrop: Do not reuse input buffer for subsequent images. Fix issue 527 (!472) · Merge requests · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| [SECURITY] [DLA 3513-1] tiff security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161060 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-6575)
- 199523 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6229-1)
- 199657 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6290-1)
- 242305 Red Hat Update for libtiff (RHSA-2023:6575)
- 355750 Amazon Linux Security Advisory for libtiff : ALAS2023-2023-271
- 356138 Amazon Linux Security Advisory for libtiff : ALAS2-2023-2263
- 6000095 Debian Security Update for tiff (DLA 3513-1)
- 673299 EulerOS Security Update for libtiff (EulerOS-SA-2023-2617)
- 673303 EulerOS Security Update for libtiff (EulerOS-SA-2023-2587)
- 673434 EulerOS Security Update for libtiff (EulerOS-SA-2023-2861)
- 673689 EulerOS Security Update for libtiff (EulerOS-SA-2023-2789)
- 673711 EulerOS Security Update for libtiff (EulerOS-SA-2024-1148)
- 673805 EulerOS Security Update for libtiff (EulerOS-SA-2023-3135)
- 673907 EulerOS Security Update for libtiff (EulerOS-SA-2023-2813)
- 673960 EulerOS Security Update for libtiff (EulerOS-SA-2023-2844)
- 907058 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27158-1)
- 907084 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27165-1)
- 941373 AlmaLinux Security Update for libtiff (ALSA-2023:6575)