Buffer Overflow Vulnerability in libtiff Affects Multiple Versions
CVE-2023-25435

5.5 MEDIUM

Key Information:

Vendor: Libtiff

Status
Vendor
CVE Published: 21 June 2023

What is CVE-2023-25435?

The libtiff library version 4.5.0 contains a buffer overflow vulnerability in the function extractContigSamplesShifted8bits() in tiffcrop.c. The flaw could allow an attacker to exploit memory operations, potentially leading to arbitrary code execution or application crashes. Update to the latest version of the library to mitigate the risk associated with this vulnerability.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
