2216614 – (CVE-2023-25435) CVE-2023-25435 libtiff: tiffcrop: heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c

Bug 2216614 (CVE-2023-25435) - CVE-2023-25435 libtiff: tiffcrop: heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c

Summary: CVE-2023-25435 libtiff: tiffcrop: heap-buffer-overflow in extractContigSample...

Keywords:
Status:	NEW
Alias:	CVE-2023-25435
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2216615 2216616 2216617 2216618 2216619 2216620 2216621
Blocks:	2216658
TreeView+	depends on / blocked

Reported:	2023-06-22 05:37 UTC by TEJ RATHI
Modified:	2025-05-01 19:04 UTC (History)
CC List:	24 users (show)
Fixed In Version:	libtiff 4.5.1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-06-22 05:37:39 UTC

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

https://gitlab.com/libtiff/libtiff/-/issues/518

Comment 1 TEJ RATHI 2023-06-22 05:38:01 UTC

Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2216615]

Comment 2 TEJ RATHI 2023-06-22 05:39:42 UTC

Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2216616]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2216617]

Note You need to log in before you can comment on or make changes to this bug.

aprice
bdettelb
caswilli
crizzo
dkuc
doconnor
fjansen
hkataria
jburrell
jkoehler
jsamir
kaycoth
kholdawa
kshier
lcouzens
lphiri
micjohns
mskarbek
nforro
oezr
rh-spice-bugs
sthirugn
teagle
vkrizan