First published: Thu Jun 08 2023(Updated: )
A heap-buffer-overflow in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. Reference: <a href="https://gitlab.com/libtiff/libtiff/-/issues/542">https://gitlab.com/libtiff/libtiff/-/issues/542</a>
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libtiff Libtiff | <4.6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
debian/tiff | <=4.2.0-1+deb11u5<=4.5.0-6+deb12u1<=4.5.1+git230720-5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-3164 is a vulnerability found in the gawk package that allows a heap out-of-bounds read, which may lead to a crash and potential sensitive information disclosure.
CVE-2023-3164 has a severity rating of 7.1, which is considered high.
Versions up to but excluding 5.1.1 of the Fossies Gawk package and exactly version 7.0 of Redhat Enterprise Linux are affected by CVE-2023-3164.
CVE-2023-3164 can be exploited by an attacker to cause a crash and potentially read sensitive information.
Yes, it is recommended to update to a version of the gawk package that is not affected by CVE-2023-3164.