Unrated severityNVD Advisory· Published Jun 30, 2023· Updated Nov 3, 2025

Libtiff: null pointer dereference in tif_dir.c

CVE-2023-2908

Description

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.

Affected products

N/A/Libtiffv5
Range: 4.5.1rc1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2023-2908mitre
bugzilla.redhat.com/show_bug.cgimitre
gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3fmitre
lists.debian.org/debian-lts-announce/2023/07/msg00034.htmlmitre
security.netapp.com/advisory/ntap-20230731-0004/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000