CVE-2023-0804 - OpenCVE

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Libtiff	Libtiff

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

References

Link	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json	VDB Entry
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00	Patch
https://gitlab.com/libtiff/libtiff/-/issues/497	Exploit Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/
https://security.gentoo.org/glsa/202305-31
https://security.netapp.com/advisory/ntap-20230324-0009/
https://www.debian.org/security/2023/dsa-5361

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2023-02-13T00:00:00

Updated: 2023-09-01T05:06:14.054567

Reserved: 2023-02-12T00:00:00

Link: CVE-2023-0804

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-13T23:15:12.667

Modified: 2023-11-07T04:01:29.557

Link: CVE-2023-0804

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0804", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2023-09-01T05:06:14.054567", "dateReserved": "2023-02-12T00:00:00", "datePublished": "2023-02-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-09-01T05:06:14.054567"}, "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."}], "affected": [{"vendor": "libtiff", "product": "libtiff", "versions": [{"version": "<=4.4.0", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/497"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json"}, {"name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"name": "DSA-5361", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5361"}, {"url": "https://security.netapp.com/advisory/ntap-20230324-0009/"}, {"name": "GLSA-202305-31", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-31"}, {"name": "FEDORA-2023-8daf1023c7", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/"}], "credits": [{"lang": "en", "value": "wangdw.augustus@gmail.com"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Out-of-bounds write in libtiff"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E0B7DC1-7265-4D0F-9400-1559C3378D18", "versionEndIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."}], "id": "CVE-2023-0804", "lastModified": "2023-11-07T04:01:29.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-02-13T23:15:12.667", "references": [{"source": "cve@gitlab.com", "tags": ["VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json"}, {"source": "cve@gitlab.com", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/497"}, {"source": "cve@gitlab.com", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/"}, {"source": "cve@gitlab.com", "url": "https://security.gentoo.org/glsa/202305-31"}, {"source": "cve@gitlab.com", "url": "https://security.netapp.com/advisory/ntap-20230324-0009/"}, {"source": "cve@gitlab.com", "url": "https://www.debian.org/security/2023/dsa-5361"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}