2170146 – (CVE-2023-0796) CVE-2023-0796 libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c

Bug 2170146 (CVE-2023-0796) - CVE-2023-0796 libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c

Summary: CVE-2023-0796 libtiff: out-of-bounds read in extractContigSamplesShifted24bit...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2023-0796
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2170147 2170148 2170149 2170150 2170585 2170586 2170587 2170588 2193350
Blocks:	2169674
TreeView+	depends on / blocked

Reported:	2023-02-15 19:12 UTC by Guilherme de Almeida Suckevicz
Modified:	2025-05-01 19:21 UTC (History)
CC List:	27 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2023-06-22 01:43:30 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:3711	0	None	None	None	2023-06-21 14:38:33 UTC

Description Guilherme de Almeida Suckevicz 2023-02-15 19:12:58 UTC

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

References:
https://gitlab.com/libtiff/libtiff/-/issues/499
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

Comment 1 Guilherme de Almeida Suckevicz 2023-02-15 19:13:29 UTC

Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2170148]


Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2170149]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2170147]


Created tkimg tracking bugs for this issue:

Affects: fedora-all [bug 2170150]

Comment 3 errata-xmlrpc 2023-06-21 14:38:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3711 https://access.redhat.com/errata/RHSA-2023:3711

Comment 4 Product Security DevOps Team 2023-06-22 01:43:27 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0796

Note You need to log in before you can comment on or make changes to this bug.

bdettelb
caswilli
crizzo
dffrench
dkuc
doconnor
fjansen
gzaronik
hkataria
jburrell
jkoehler
jsamir
kaycoth
kholdawa
kshier
lcouzens
lphiri
micjohns
mmuzila
mskarbek
nforro
ngough
rgodfrey
rh-spice-bugs
sthirugn
teagle
vkrizan