CVE-2023-2908
Summary
| CVE | CVE-2023-2908 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-30 22:15:00 UTC |
| Updated | 2023-11-07 04:13:00 UTC |
| Description | A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. |
Risk And Classification
Problem Types: CWE-476
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-2908 LibTIFF Vulnerability in NetApp Products \| NetApp Product Security | MISC | security.netapp.com | |
| 2218830 – (CVE-2023-2908) CVE-2023-2908 libtiff: null pointer dereference in tif_dir.c | MISC | bugzilla.redhat.com | |
| cve-details | MISC | access.redhat.com | |
| fix runtime error: applying zero offset to null pointer (!479) · Merge requests · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| Merge branch 'mymaster1' into 'master' (9bd48f0d) · Commits · libtiff / libtiff · GitLab | MISC | gitlab.com | |
| [SECURITY] [DLA 3513-1] tiff security update | MISC | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199657 Ubuntu Security Notification for LibTIFF Vulnerabilities (USN-6290-1)
- 6000095 Debian Security Update for tiff (DLA 3513-1)
- 673434 EulerOS Security Update for libtiff (EulerOS-SA-2023-2861)
- 673527 EulerOS Security Update for libtiff (EulerOS-SA-2023-2881)
- 673689 EulerOS Security Update for libtiff (EulerOS-SA-2023-2789)
- 673722 EulerOS Security Update for libtiff (EulerOS-SA-2023-2900)
- 673805 EulerOS Security Update for libtiff (EulerOS-SA-2023-3135)
- 673907 EulerOS Security Update for libtiff (EulerOS-SA-2023-2813)
- 673960 EulerOS Security Update for libtiff (EulerOS-SA-2023-2844)
- 755233 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4371-1)
- 755234 SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:4370-1)
- 907047 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27288-1)
- 907094 Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (27302-1)