Bug 2185074 (CVE-2023-1916) - CVE-2023-1916 libtiff: out-of-bounds read in extractImageSection() in tools/tiffcrop.c
Summary: CVE-2023-1916 libtiff: out-of-bounds read in extractImageSection() in tools/t...
Keywords:
Status: NEW
Alias: CVE-2023-1916
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2185077 2185078 2185080 2185081 2185082
Blocks: 2184412 2185075
TreeView+ depends on / blocked
 
Reported: 2023-04-06 19:05 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-04-17 18:10 UTC (History)
10 users (show)

Fixed In Version: libtiff 4.5.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-04-06 19:05:11 UTC
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. This issue affects libtiff versions 4.x.

References:
https://gitlab.com/libtiff/libtiff/-/issues/536
https://gitlab.com/libtiff/libtiff/-/issues/537

Comment 1 Guilherme de Almeida Suckevicz 2023-04-06 19:12:47 UTC
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2185077]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2185078]


Note You need to log in before you can comment on or make changes to this bug.