Buffer Overflow Vulnerability in libtiff 4.5.0
CVE-2023-25434

8.8 HIGH

Key Information:

Vendor: Libtiff
Status: Vendor
CVE Published: 14 June 2023

What is CVE-2023-25434?

libtiff version 4.5.0 contains a buffer overflow in the extractContigSamplesBytes() function in tiffcrop.c, the source file of the tiffcrop command-line tool that ships with libtiff. Processing a specially crafted TIFF file can trigger the overflow, which could lead to arbitrary code execution or a denial of service. Because the overflow is reached only when an attacker-supplied file is processed, the CVSS vector below records user interaction as required. Users of the library and of the tiffcrop tool should review the potential impact and apply the necessary mitigations promptly. Further details are in the upstream GitLab issue: https://gitlab.com/libtiff/libtiff/-/issues/519.

References

  • Upstream issue: https://gitlab.com/libtiff/libtiff/-/issues/519

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published: 14 June 2023
  • Vulnerability Reserved
