Buffer Overflow Vulnerability in LibTIFF Affecting Version 4.5.0
CVE-2023-25433

5.5MEDIUM

Key Information:

Vendor: Libtiff
Status: Libtiff
Vendor: CVE Published:; 29 June 2023

What is CVE-2023-25433?

LibTIFF version 4.5.0 contains a vulnerability that allows a buffer overflow due to improper buffer size management in the rotateImage function, particularly in the tiffcrop tool. This can lead to heap-based buffer overflow and segmentation faults. If exploited, this vulnerability could allow an attacker to manipulate memory, potentially leading to arbitrary code execution or application crashes.

References

https://gitlab.com/libtiff/libtiff/-/issues/520

https://gitlab.com/libtiff/libtiff/-/merge_requests/467

https://lists.debian.org/debian-lts-announce/2023/07/msg0...

mailing-list

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2023
Vulnerability Reserved
Feb 6, 2023

Libtiff

What is CVE-2023-25433?

References

CVSS V3.1

Timeline