Multiple potential integer overflows in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
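The description above names integer overflow in a buffer-size computation as the root cause of the heap overflow. The C program below is an added example, not code from libtiff, the reporter or Red Hat: it uses a hypothetical image geometry (width, height, bytes per sample, samples per pixel; these names are assumptions) to show how an unchecked 32-bit product wraps to an undersized allocation, and how a checked size computation rejects such a geometry before anything is allocated.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Added example, not libtiff code. The four geometry parameters are
 * assumptions standing in for the per-image values a TIFF reader multiplies
 * together when sizing a scanline or strip buffer.
 */

/* The unsafe pattern: the product is formed in uint32_t and silently wraps,
 * so a crafted geometry can produce a tiny allocation that is later filled
 * with width * height * ... bytes, i.e. a heap-based buffer overflow. */
uint32_t unchecked_image_size(uint32_t width, uint32_t height,
                              uint32_t bytes_per_sample,
                              uint32_t samples_per_pixel)
{
    return width * height * bytes_per_sample * samples_per_pixel;
}

/* The safe pattern: multiply one factor at a time in size_t and refuse any
 * step that would exceed SIZE_MAX. Returns 0 on overflow or on a degenerate
 * (zero-sized) geometry, since 0 is never a usable buffer size. On compilers
 * that provide it, __builtin_mul_overflow() expresses the same check. */
size_t checked_image_size(uint32_t width, uint32_t height,
                          uint32_t bytes_per_sample,
                          uint32_t samples_per_pixel)
{
    const uint32_t factors[4] = {width, height, bytes_per_sample, samples_per_pixel};
    size_t total = 1;

    for (size_t i = 0; i < 4; i++) {
        if (factors[i] == 0)
            return 0;                    /* degenerate image, nothing to allocate */
        if (total > SIZE_MAX / factors[i])
            return 0;                    /* total * factors[i] would wrap */
        total *= factors[i];
    }
    return total;
}

/* Allocation gated on the checked size: NULL means "reject this image". */
void *alloc_image_buffer(uint32_t width, uint32_t height,
                         uint32_t bytes_per_sample, uint32_t samples_per_pixel)
{
    size_t n = checked_image_size(width, height, bytes_per_sample, samples_per_pixel);
    if (n == 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed geometry: 65536 x 65536 x 1 x 1 is exactly 2^32 bytes,
     * which a uint32_t product wraps to 0. */
    uint32_t w = 65536u, h = 65536u, bps = 1u, spp = 1u;

    printf("unchecked size: %" PRIu32 " bytes (wrapped)\n",
           unchecked_image_size(w, h, bps, spp));
    printf("checked size:   %zu bytes (0 = rejected)\n",
           checked_image_size(w, h, bps, spp));

    /* Constructed geometry whose true size cannot fit in size_t at all. */
    void *p = alloc_image_buffer(0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 4u);
    printf("oversized geometry rejected: %s\n", p == NULL ? "yes" : "no");
    free(p);
    return 0;
}
```

On a 64-bit build the 65536 x 65536 case is accepted by the checked path (2^32 bytes is representable in size_t) while the unchecked path reports 0 bytes; on a 32-bit build the checked path rejects it as well. The point a reviewer looks for is that every multiply feeding an allocation is either checked step by step like this or performed in a type the full product provably fits.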
This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/592 (but it looks like this RHBZ entry is actually swapped with CVE-2023-38288).
In reply to comment #3:
> This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/592
> (but it looks like this RHBZ entry is actually swapped with CVE-2023-38288).

Hi, these CVEs are assigned by us (Red Hat CNA); the CVEs attached to the bugs are from the final vulnerability report sent by the reporter. I am discussing this issue with the reporter to rectify it from his end.
Same question as in https://bugzilla.redhat.com/show_bug.cgi?id=2224971#c5
*** This bug has been marked as a duplicate of bug 2235265 ***
Rejected the old CVE and re-assigned the vulnerability with a new flaw and CVE. Please track the link [0] below for more information. [0] https://bugzilla.redhat.com/show_bug.cgi?id=2235265 Regarding the comment for the old CVE (as Not a security issue) on Mitre, we are working to correct the statement.