Unrated severity · NVD Advisory · Published Nov 2, 2023 · Updated Oct 11, 2024
Heap-buffer-overflow in extractimagesection()
CVE-2023-3164
Description
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted TIFF file.
Affected products (21)
osv-coords, 19 versions (no CPE for any entry):
- pkg:apk/chainguard/tiff, range: < 4.6.0-r0
- pkg:apk/chainguard/tiff-dev, range: < 4.6.0-r0
- pkg:apk/chainguard/tiff-doc, range: < 4.6.0-r0
- pkg:apk/wolfi/tiff, range: < 4.6.0-r0
- pkg:apk/wolfi/tiff-dev, range: < 4.6.0-r0
- pkg:apk/wolfi/tiff-doc, range: < 4.6.0-r0
- pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.5, range: < 4.0.9-150000.45.44.1
- pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.3, range: < 4.0.9-150000.45.44.1
- pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.4, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.5, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5, range: < 4.0.9-150000.45.44.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 4.0.9-44.83.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 4.0.9-44.83.1
- pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 4.0.9-44.83.1
References (3)
- access.redhat.com/security/cve/CVE-2023-3164 (source: mitre; tags: vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (source: mitre; tags: issue-tracking, x_refsource_REDHAT)
- gitlab.com/libtiff/libtiff/-/issues/542 (source: mitre)