CVE-2023-52356
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 4.6.0 | affected | ||
| Red Hat | Red Hat Enterprise Linux 10 | 0:4.6.0-6.el10_1.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:4.6.0-6.el10_0.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.0.9-32.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:4.4.0-15.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:4.4.0-13.el9_6.3 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 3.2.2-1765379088 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 3.2.2-1765379049 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 3.2.2-1764871796 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 1780681984 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 1772160593 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 1772160625 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.2 | 1775740563 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.3 | 1778244546 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.3 | 1775680192 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.3 | 1775680262 < * | unaffected |
| Red Hat | Red Hat AI Inference Server 3.3 | 1775749857 < * | unaffected |
| Red Hat | Red Hat Discovery 2 | 2.4.0-1763656152 < * | unaffected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/security/cve/CVE-2023-52356
- https://bugzilla.redhat.com/show_bug.cgi?id=2251344
- https://gitlab.com/libtiff/libtiff/-/issues/622
- https://gitlab.com/libtiff/libtiff/-/merge_requests/546
- https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214123
- https://support.apple.com/kb/HT214122
- https://support.apple.com/kb/HT214117
- https://support.apple.com/kb/HT214118
- https://support.apple.com/kb/HT214116
- https://support.apple.com/kb/HT214120
- https://support.apple.com/kb/HT214124
- http://seclists.org/fulldisclosure/2024/Jul/16
- http://seclists.org/fulldisclosure/2024/Jul/23
- http://seclists.org/fulldisclosure/2024/Jul/21
- http://seclists.org/fulldisclosure/2024/Jul/20
- http://seclists.org/fulldisclosure/2024/Jul/17
- http://seclists.org/fulldisclosure/2024/Jul/22
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2024:5079
- https://access.redhat.com/errata/RHSA-2025:20801
- https://access.redhat.com/errata/RHSA-2025:21994
- https://access.redhat.com/errata/RHSA-2025:23078
- https://access.redhat.com/errata/RHSA-2025:23079
- https://access.redhat.com/errata/RHSA-2025:23080
- https://access.redhat.com/errata/RHSA-2026:16174
- https://access.redhat.com/errata/RHSA-2026:25096
- https://access.redhat.com/errata/RHSA-2026:3461
- https://access.redhat.com/errata/RHSA-2026:3462
- https://access.redhat.com/errata/RHSA-2026:5958
- https://access.redhat.com/errata/RHSA-2026:7081
- https://access.redhat.com/errata/RHSA-2026:7304
- https://access.redhat.com/errata/RHSA-2026:7335
- https://access.redhat.com/errata/RHSA-2026:8746
- https://access.redhat.com/errata/RHSA-2026:8747
- https://access.redhat.com/errata/RHSA-2026:8748
- https://access.redhat.com/security/cve/CVE-2023-52356
- https://bugzilla.redhat.com/show_bug.cgi?id=2251344
- https://gitlab.com/libtiff/libtiff/-/issues/622
- https://gitlab.com/libtiff/libtiff/-/merge_requests/546
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.