Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:RLSA-2023:3711
HistoryAug 31, 2023 - 4:55 p.m.

Moderate: libtiff security update

2023-08-3116:55:40
Google
osv.dev
12
libtiff
security
update
heap-based buffer overflow
out-of-bounds read
out-of-bounds write

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

35.1%

JSON

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281)

  • libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0795)

  • libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0796)

  • libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0797)

  • libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c (CVE-2023-0798)

  • libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0799)

  • libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800)

  • libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801)

  • libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802)

  • libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803)

  • libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

oraclelinux 3
nessus 55
rocky 3
redhat 4
gentoo 1
almalinux 3
osv 16
openvas 28
ubuntu 1
debian 3
mageia 2
cloudfoundry 1
amazon 5
photon 2
ibm 2
redhatcve 7
debiancve 6
nvd 6
cnvd 3
cbl_mariner 11
cve 4
cvelist 6
ubuntucve 7
alpinelinux 6
redos 1
prion 6
veracode 6
fedora 1
oraclelinux
oraclelinux
libtiff security update
2023-06-21 00:00:00
libtiff security update
2023-09-26 00:00:00
libtiff security update
2023-06-29 00:00:00
nessus
nessus
Oracle Linux 9 : libtiff (ELSA-2023-3711)
2023-06-22 00:00:00
RHEL 9 : libtiff (RHSA-2023:3711)
2023-06-22 00:00:00
AlmaLinux 9 : libtiff (ALSA-2023:3711)
2023-06-26 00:00:00
rocky
rocky
libtiff security update
2023-08-31 16:55:40
libtiff security update
2023-10-05 21:33:47
libtiff security update
2023-08-31 16:54:34
redhat
redhat
(RHSA-2023:3711) Moderate: libtiff security update
2023-06-21 13:52:06
(RHSA-2023:5353) Moderate: libtiff security update
2023-09-26 08:51:29
(RHSA-2023:6137) Important: Migration Toolkit for Runtimes security update
2023-10-26 10:01:30
gentoo
gentoo
LibTIFF: Multiple Vulnerabilities
2023-05-30 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-06-21 00:00:00
Moderate: libtiff security update
2023-09-26 00:00:00
Moderate: libtiff security update
2023-06-27 00:00:00
osv
osv
Moderate: libtiff security update
2023-06-21 00:00:00
tiff - security update
2023-02-21 00:00:00
tiff vulnerabilities
2023-03-06 17:07:54
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2321-1)
2023-05-31 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2477)
2023-07-31 00:00:00
Mageia: Security Advisory (MGASA-2023-0080)
2023-03-28 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-03-06 00:00:00
debian
debian
[SECURITY] [DSA 5361-1] tiff security update
2023-02-24 08:12:14
[SECURITY] [DLA 3333-1] tiff security update
2023-02-21 22:59:14
[SECURITY] [DLA 3297-1] tiff security update
2023-01-30 21:44:57
mageia
mageia
Updated libtiff packages fix security vulnerability
2023-03-02 00:14:31
Updated libtiff packages fix security vulnerability
2023-02-07 03:06:39
cloudfoundry
cloudfoundry
USN-5923-1: LibTIFF vulnerabilities | Cloud Foundry
2023-03-23 00:00:00
amazon
amazon
Medium: libtiff
2023-08-31 22:29:00
Medium: libtiff
2023-08-31 22:29:00
Medium: libtiff
2023-09-13 23:15:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0605
2023-06-28 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0018
2023-06-06 00:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2024-01-12 18:49:33
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-07-26 20:21:44
redhatcve
redhatcve
CVE-2022-48281
2023-01-24 04:36:30
CVE-2023-0803
2023-02-15 20:29:41
CVE-2023-0795
2023-02-15 17:54:08
debiancve
debiancve
CVE-2022-48281
2023-01-23 03:15:09
CVE-2023-0795
2023-02-13 23:15:11
CVE-2023-0804
2023-02-13 23:15:12
nvd
nvd
CVE-2022-48281
2023-01-23 03:15:09
CVE-2023-0795
2023-02-13 23:15:11
CVE-2023-0804
2023-02-13 23:15:12
cnvd
cnvd
LibTIFF Buffer Overflow Vulnerability (CNVD-2023-29695)
2023-02-03 00:00:00
LibTIFF out-of-bounds read vulnerability
2023-02-15 00:00:00
LibTIFF tiffcrop.c:3609 buffer overflow vulnerability
2023-02-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-48281 affecting package libtiff 4.4.0-6
2023-02-14 02:35:58
CVE-2022-48281 affecting package libtiff for versions less than 4.4.0-7
2023-02-24 01:54:12
CVE-2023-0803 affecting package libtiff for versions less than 4.4.0-8
2023-03-09 00:24:42
cve
cve
CVE-2022-48281
2023-01-23 03:15:09
CVE-2023-0795
2023-02-13 23:15:11
CVE-2023-0804
2023-02-13 23:15:12
cvelist
cvelist
CVE-2022-48281
2023-01-23 00:00:00
CVE-2023-0803
2023-02-13 00:00:00
CVE-2023-0795
2023-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2022-48281
2023-01-23 00:00:00
CVE-2023-0803
2023-02-13 00:00:00
CVE-2023-0795
2023-02-13 00:00:00
alpinelinux
alpinelinux
CVE-2022-48281
2023-01-23 03:15:09
CVE-2023-0803
2023-02-13 23:15:12
CVE-2023-0795
2023-02-13 23:15:11
redos
redos
ROS-20230124-03
2023-01-24 00:00:00
prion
prion
Heap overflow
2023-01-23 03:15:00
Out-of-bounds
2023-02-13 23:15:00
Out-of-bounds
2023-02-13 23:15:00
veracode
veracode
Heap-Based Buffer Overflow
2023-01-27 04:17:16
Denial Of Service (DoS)
2023-02-21 11:05:32
Denial Of Service (DoS)
2023-02-20 04:35:33
fedora
fedora
[SECURITY] Fedora 38 Update: libtiff-4.4.0-8.fc38
2023-09-01 01:31:05

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

35.1%

JSON
Related for OSV:RLSA-2023:3711
oraclelinux3nessus55rocky3redhat4gentoo1almalinux3osv16openvas28ubuntu1debian3mageia2cloudfoundry1amazon5photon2ibm2redhatcve7debiancve6nvd6cnvd3cbl_mariner11cve4cvelist6ubuntucve7alpinelinux6redos1prion6veracode6fedora1