CVE-2023-1916
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-1916
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1916.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-1916
- Related
- Published
- 2023-04-10T22:15:09Z
- Modified
- 2024-08-01T06:00:24.106420Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
- References
Affected packages
Debian:11 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/debian/tiff?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.2.0-1
4.2.0-1+deb11u1
4.2.0-1+deb11u2
4.2.0-1+deb11u3
4.2.0-1+deb11u4
4.2.0-1+deb11u5
4.3.0-1
4.3.0-2
4.3.0-3
4.3.0-4
4.3.0-5
4.3.0-6
4.3.0-7
4.3.0-8
4.4.0~rc1-1
4.4.0-1
4.4.0-2
4.4.0-3
4.4.0-4
4.4.0-5
4.4.0-6
4.5.0~rc1-1
4.5.0~rc1+git221213-1
4.5.0~rc3+git221213-1
4.5.0-1
4.5.0-2
4.5.0-3
4.5.0-4
4.5.0-5
4.5.0-6
4.5.1~rc3-1
4.5.1-1
4.5.1+git230720-1
4.5.1+git230720-2
4.5.1+git230720-3
4.5.1+git230720-4
4.6.0-1
4.6.0-2
Debian:12 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/debian/tiff?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/debian/tiff?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected