CVE-2023-52356

Summary

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Affected Software

VendorProductVersion RangeStatus
0 < 4.6.0affected
Red HatRed Hat Enterprise Linux 100:4.6.0-6.el10_1.2 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:4.6.0-6.el10_0.2 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.0.9-32.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 90:4.4.0-15.el9 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:4.4.0-13.el9_6.3 < *unaffected
Red HatRed Hat AI Inference Server 3.23.2.2-1765379088 < *unaffected
Red HatRed Hat AI Inference Server 3.23.2.2-1765379049 < *unaffected
Red HatRed Hat AI Inference Server 3.23.2.2-1764871796 < *unaffected
Red HatRed Hat AI Inference Server 3.21780681984 < *unaffected
Red HatRed Hat AI Inference Server 3.21772160593 < *unaffected
Red HatRed Hat AI Inference Server 3.21772160625 < *unaffected
Red HatRed Hat AI Inference Server 3.21775740563 < *unaffected
Red HatRed Hat AI Inference Server 3.31778244546 < *unaffected
Red HatRed Hat AI Inference Server 3.31775680192 < *unaffected
Red HatRed Hat AI Inference Server 3.31775680262 < *unaffected
Red HatRed Hat AI Inference Server 3.31775749857 < *unaffected
Red HatRed Hat Discovery 22.4.0-1763656152 < *unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References