Heap Buffer Overflow in libtiff Library Affecting Multiple Vendors
CVE-2023-30774

5.5MEDIUM

Key Information:

Vendor: Libtiff
Status: libtiff
Vendor: CVE Published:; 19 May 2023

What is CVE-2023-30774?

A vulnerability present in the libtiff library results in a heap buffer overflow triggered by specific values, namely TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS. This flaw can lead to potential exploitation scenarios impacting the stability and security of the applications leveraging this library. It highlights the necessity for immediate patching procedures for all developers and users dependent on affected versions of libtiff to mitigate any risks associated with this vulnerability.

Affected Version(s)

libtiff 4.0

References

https://gitlab.com/libtiff/libtiff/-/issues/463

https://access.redhat.com/security/cve/CVE-2023-30774

https://bugzilla.redhat.com/show_bug.cgi?id=2187139

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2023
Vulnerability Reserved
Apr 17, 2023

Libtiff

What is CVE-2023-30774?

Affected Version(s)

References

CVSS V3.1

Timeline