CVE-2023-41175

Summary

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Affected Software

VendorProductVersion RangeStatus
0 < 4.6.0affected
Red HatRed Hat Enterprise Linux 90:4.4.0-12.el9 < *unaffected

Weaknesses

  • CWE-190: Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References