CVE-2023-40745

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type

GIT

Repo

https://gitlab.com/libtiff/libtiff

Events

Introduced

Fixed

8b20804fc0ddeaa93667b799b5e1a2a7dc9e3fb2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.6.0"
        }
    ]
}

Affected versions

v3.*

v3.5.3

v3.5.4

v3.5.5

v3.5.7

v3.6.0

v3.6.0beta2

v3.6.1

v3.7.0

v3.7.0alpha

v3.7.0beta

v3.7.0beta2

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.8.0

v3.8.1

v3.8.2

v4.*

v4.0.0

v4.0.0alpha

v4.0.0alpha4

v4.0.0alpha5

v4.0.0alpha6

v4.0.0beta7

v4.0.1

v4.0.10

v4.0.2

v4.0.3

v4.0.4

v4.0.4beta

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.2.0

v4.3.0

v4.3.0rc1

v4.4.0

v4.4.0rc1

v4.5.0

v4.5.0rc1

v4.5.0rc2

v4.5.0rc3

v4.5.1

v4.5.1rc1

v4.5.1rc2

v4.5.1rc3

v4.6.0rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40745.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]