Heap Buffer Overflow in libtiff Library Affecting Multiple Vendors
CVE-2023-30774

5.5MEDIUM

Key Information:

Vendor: Libtiff
Status: libtiff
Vendor: CVE Published:; 19 May 2023

What is CVE-2023-30774?

A vulnerability present in the libtiff library results in a heap buffer overflow triggered by specific values, namely TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS. This flaw can lead to potential exploitation scenarios impacting the stability and security of the applications leveraging this library. It highlights the necessity for immediate patching procedures for all developers and users dependent on affected versions of libtiff to mitigate any risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

libtiff 4.0

References

https://gitlab.com/libtiff/libtiff/-/issues/463

https://access.redhat.com/security/cve/CVE-2023-30774

https://bugzilla.redhat.com/show_bug.cgi?id=2187139

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 19, 2023
Vulnerability Reserved
Apr 17, 2023

JSON

Libtiff

What is CVE-2023-30774?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.