First published: Sun Feb 12 2023
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, reached from tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, which allows attackers to cause a denial of service via a crafted TIFF file. For users who compile libtiff from source, the fix is available in commit 33aee127.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libtiff | <0:4.0.9-29.el8_8 | 0:4.0.9-29.el8_8 |
| redhat/libtiff | <0:4.4.0-8.el9_2 | 0:4.4.0-8.el9_2 |
| Libtiff Libtiff | <=4.4.0 | |
| debian/tiff | <=4.1.0+git191117-2~deb10u4 | 4.1.0+git191117-2~deb10u8, 4.2.0-1+deb11u4, 4.5.0-6, 4.5.1+git230720-1 |
CVE-2023-0801 is a vulnerability in LibTIFF 4.4.0 that allows attackers to cause a denial of service via a crafted TIFF file.
CVE-2023-0801 affects users who compile libtiff from source and have version 4.4.0 installed.
CVE-2023-0801 has a severity rating of 6.1, which is classified as medium.
If you compile libtiff from source, you can apply the fix available in commit 33aee127.
You can find more information about CVE-2023-0801 at the following references: [GitLab Issue](https://gitlab.com/libtiff/libtiff/-/issues/498), [GitLab CVE Details](https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json), [GitLab Commit](https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00).