CVE-2023-52355

Summary

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

Affected Software

VendorProductVersion RangeStatus
0 < 4.6.0affected
Red HatRed Hat Enterprise Linux 90:4.4.0-15.el9 < *unaffected
Red HatRed Hat AI Inference Server 3.23.2.2-1765379088 < *unaffected
Red HatRed Hat AI Inference Server 3.23.2.2-1765379049 < *unaffected
Red HatRed Hat AI Inference Server 3.23.2.2-1764871796 < *unaffected
Red HatRed Hat AI Inference Server 3.21772160593 < *unaffected
Red HatRed Hat AI Inference Server 3.21772160625 < *unaffected
Red HatRed Hat Discovery 22.4.0-1763656152 < *unaffected

Weaknesses

  • CWE-787: Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References