CVE-2023-52355

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52355

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52355.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52355

Related

CGA-p38m-7xhg-hw5f

Published

2024-01-25T20:15:38Z

Modified

2024-09-18T03:24:31.617296Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

References

Affected packages

Debian:11 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.0-1

4.2.0-1+deb11u1

4.2.0-1+deb11u2

4.2.0-1+deb11u3

4.2.0-1+deb11u4

4.2.0-1+deb11u5

4.3.0-1

4.3.0-2

4.3.0-3

4.3.0-4

4.3.0-5

4.3.0-6

4.3.0-7

4.3.0-8

4.4.0~rc1-1

4.4.0-1

4.4.0-2

4.4.0-3

4.4.0-4

4.4.0-5

4.4.0-6

4.5.0~rc1-1

4.5.0~rc1+git221213-1

4.5.0~rc3+git221213-1

4.5.0-1

4.5.0-2

4.5.0-3

4.5.0-4

4.5.0-5

4.5.0-6

4.5.1~rc3-1

4.5.1-1

4.5.1+git230720-1

4.5.1+git230720-2

4.5.1+git230720-3

4.5.1+git230720-4

4.5.1+git230720-5

4.6.0-1

4.6.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.0-6

4.5.0-6+deb12u1

4.5.1~rc3-1

4.5.1-1

4.5.1+git230720-1

4.5.1+git230720-2

4.5.1+git230720-3

4.5.1+git230720-4

4.5.1+git230720-5

4.6.0-1

4.6.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1+git230720-4

Affected versions

4.*

4.5.0-6

4.5.1~rc3-1

4.5.1-1

4.5.1+git230720-1

4.5.1+git230720-2

4.5.1+git230720-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type: GIT
Repo: https://gitlab.com/libtiff/libtiff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8b20804fc0ddeaa93667b799b5e1a2a7dc9e3fb2

Affected versions

v3.*

v3.5.3

v3.5.4

v3.5.5

v3.5.7

v3.6.0

v3.6.0beta2

v3.6.1

v3.7.0

v3.7.0alpha

v3.7.0beta

v3.7.0beta2

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.8.0

v3.8.1

v3.8.2

v4.*

v4.0.0

v4.0.0alpha

v4.0.0alpha4

v4.0.0alpha5

v4.0.0alpha6

v4.0.0beta7

v4.0.1

v4.0.10

v4.0.2

v4.0.3

v4.0.4

v4.0.4beta

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.2.0

v4.3.0

v4.3.0rc1

v4.4.0

v4.4.0rc1

v4.5.0

v4.5.0rc1

v4.5.0rc2

v4.5.0rc3

v4.5.1

v4.5.1rc1

v4.5.1rc2

v4.5.1rc3

v4.6.0rc1