CVE-2023-0796

2023-02-1300:00:00

ubuntu.com

libtiff tiffcrop vulnerability fix

out-of-bounds read

denial-of-service

crafted tiff file

libtiff from sources

commit afaabc3e

unix

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.001

Percentile

30.3%

JSON

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in
tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via
a crafted tiff file. For users that compile libtiff from sources, the fix
is available with commit afaabc3e.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchtiff< 4.0.9-5ubuntu0.10UNKNOWN
ubuntu20.04noarchtiff< 4.1.0+git191117-2ubuntu0.20.04.8UNKNOWN
ubuntu22.04noarchtiff< 4.3.0-6ubuntu0.4UNKNOWN
ubuntu22.10noarchtiff< 4.4.0-4ubuntu3.3UNKNOWN
ubuntu14.04noarchtiff< 4.0.3-7ubuntu0.11+esm7UNKNOWN
ubuntu16.04noarchtiff< 4.0.6-1ubuntu0.8+esm10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	tiff	< 4.0.9-5ubuntu0.10	UNKNOWN
ubuntu	20.04	noarch	tiff	< 4.1.0+git191117-2ubuntu0.20.04.8	UNKNOWN
ubuntu	22.04	noarch	tiff	< 4.3.0-6ubuntu0.4	UNKNOWN
ubuntu	22.10	noarch	tiff	< 4.4.0-4ubuntu3.3	UNKNOWN
ubuntu	14.04	noarch	tiff	< 4.0.3-7ubuntu0.11+esm7	UNKNOWN
ubuntu	16.04	noarch	tiff	< 4.0.6-1ubuntu0.8+esm10	UNKNOWN