CVE-2023-2731
Summary
| CVE | CVE-2023-2731 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-17 22:15:00 UTC |
| Updated | 2023-07-03 16:15:00 UTC |
| Description | A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 403 Forbidden | CONFIRM | security.netapp.com | |
| Null Pointer Dereference in tif_lzw.c. (#548) · Issues · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| 2207635 – (CVE-2023-2731) CVE-2023-2731 libtiff: null pointer deference in LZWDecode() in libtiff/tif_lzw.c | MISC | bugzilla.redhat.com | |
| cve-details | MISC | access.redhat.com | |
| LZWDecode(): avoid crash when trying to read again from a strip whith… · libsdl-org/libtiff@9be22b6 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161060 Oracle Enterprise Linux Security Update for libtiff (ELSA-2023-6575)
- 183405 Debian Security Update for tiff (CVE-2023-2731)
- 199657 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6290-1)
- 242305 Red Hat Update for libtiff (RHSA-2023:6575)
- 673353 EulerOS Security Update for libtiff (EulerOS-SA-2023-2694)
- 673818 EulerOS Security Update for libtiff (EulerOS-SA-2023-2652)
- 755439 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4736-1)
- 755472 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4869-1)
- 906937 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (26756-1)
- 906964 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (26749-1)
- 941373 AlmaLinux Security Update for libtiff (ALSA-2023:6575)