CVE-2023-26966

CVE	CVE-2023-26966
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-06-29 20:15:00 UTC
Updated	2023-08-01 02:15:00 UTC
Description	libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

Problem Types: CWE-120

Type	Vendor	Product	Version	Update	Edition	Language
Application	Libtiff	Libtiff	4.5.0	-	All	All

Reference	Source	Link	Tags
SEGV at /libtiff/tif_luv.c:961 in uv_encode() (#530) · Issues · libtiff / libtiff · GitLab	MISC	gitlab.com
tif_luv: Check and correct for NaN data in uv_encode(). (!473) · Merge requests · libtiff / libtiff · GitLab	MISC	gitlab.com
[SECURITY] [DLA 3513-1] tiff security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

161060 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-6575)
199523 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6229-1)
199657 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6290-1)
242305 Red Hat Update for libtiff (RHSA-2023:6575)
355630 Amazon Linux Security Advisory for libtiff : ALAS2023-2023-253
6000095 Debian Security Update for tiff (DLA 3513-1)
673434 EulerOS Security Update for libtiff (EulerOS-SA-2023-2861)
673960 EulerOS Security Update for libtiff (EulerOS-SA-2023-2844)
755233 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4371-1)
755234 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4370-1)
907059 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27287-1)
907110 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27303-1)
941373 AlmaLinux Security Update for libtiff (ALSA-2023:6575)