Lucene search

K

Redhat.comRH:CVE-2023-26965

HistoryJun 28, 2023 - 8:47 a.m.

CVE-2023-26965

2023-06-2808:47:18

redhat.com

access.redhat.com

25

heap use-after-free

libtiff

tiffcrop

loadimage

out-of-bounds write

denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.2%

A heap use-after-free vulnerability was found in LibTIFF’s tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=2215206

nvd.nist.gov/vuln/detail/CVE-2023-26965

www.cve.org/CVERecord?id=CVE-2023-26965

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.2%

Related for RH:CVE-2023-26965

prion1 openvas23 cvelist1 cbl_mariner2 nessus32 ubuntucve1 osv5 debiancve1 veracode1 cve1 nvd1 photon3 amazon1 cloudfoundry1 ubuntu2 redhat3 oraclelinux1 almalinux1 mageia1 debian1 ibm3 hp1 ics1