High severity (7.5) · NVD Advisory · Published Jan 25, 2024 · Updated Jun 10, 2026
CVE-2023-52356
Description
A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Affected products (31)
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords, 27 versions (no CPE):
  - pkg:apk/chainguard/tiff, range: < 0
  - pkg:apk/chainguard/tiff-dev, range: < 0
  - pkg:apk/chainguard/tiff-doc, range: < 0
  - pkg:apk/wolfi/tiff, range: < 0
  - pkg:apk/wolfi/tiff-dev, range: < 0
  - pkg:apk/wolfi/tiff-doc, range: < 0
  - pkg:rpm/almalinux/libtiff, range: < 4.0.9-32.el8_10
  - pkg:rpm/almalinux/libtiff-devel, range: < 4.0.9-32.el8_10
  - pkg:rpm/almalinux/libtiff-tools, range: < 4.0.9-32.el8_10
  - pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.5, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.6, range: < 4.7.0-150600.3.8.1
  - pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.3, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.4, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweed, range: < 4.6.0-4.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.5, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6, range: < 4.7.0-150600.3.8.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5, range: < 4.0.9-150000.45.38.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6, range: < 4.7.0-150600.3.8.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 4.0.9-44.77.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 4.0.9-44.77.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 4.0.9-44.77.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.0, range: < 4.7.1-1.1
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.1, range: < 4.7.1-slfo.1.1_1.1
References (39)
- gitlab.com/libtiff/libtiff/-/issues/622 (nvd: Issue Tracking, Patch)
- gitlab.com/libtiff/libtiff/-/merge_requests/546 (nvd: Issue Tracking, Patch)
- access.redhat.com/security/cve/CVE-2023-52356 (nvd: Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/16 (nvd)
- seclists.org/fulldisclosure/2024/Jul/17 (nvd)
- seclists.org/fulldisclosure/2024/Jul/18 (nvd)
- seclists.org/fulldisclosure/2024/Jul/19 (nvd)
- seclists.org/fulldisclosure/2024/Jul/20 (nvd)
- seclists.org/fulldisclosure/2024/Jul/21 (nvd)
- seclists.org/fulldisclosure/2024/Jul/22 (nvd)
- seclists.org/fulldisclosure/2024/Jul/23 (nvd)
- access.redhat.com/errata/RHSA-2024:5079 (nvd)
- access.redhat.com/errata/RHSA-2025:20801 (nvd)
- access.redhat.com/errata/RHSA-2025:21994 (nvd)
- access.redhat.com/errata/RHSA-2025:23078 (nvd)
- access.redhat.com/errata/RHSA-2025:23079 (nvd)
- access.redhat.com/errata/RHSA-2025:23080 (nvd)
- access.redhat.com/errata/RHSA-2026:16174 (nvd)
- access.redhat.com/errata/RHSA-2026:25096 (nvd)
- access.redhat.com/errata/RHSA-2026:3461 (nvd)
- access.redhat.com/errata/RHSA-2026:3462 (nvd)
- access.redhat.com/errata/RHSA-2026:5958 (nvd)
- access.redhat.com/errata/RHSA-2026:7081 (nvd)
- access.redhat.com/errata/RHSA-2026:7304 (nvd)
- access.redhat.com/errata/RHSA-2026:7335 (nvd)
- access.redhat.com/errata/RHSA-2026:8746 (nvd)
- access.redhat.com/errata/RHSA-2026:8747 (nvd)
- access.redhat.com/errata/RHSA-2026:8748 (nvd)
- lists.debian.org/debian-lts-announce/2024/03/msg00011.html (nvd)
- lists.debian.org/debian-lts-announce/2025/01/msg00019.html (nvd)
- support.apple.com/kb/HT214116 (nvd)
- support.apple.com/kb/HT214117 (nvd)
- support.apple.com/kb/HT214118 (nvd)
- support.apple.com/kb/HT214119 (nvd)
- support.apple.com/kb/HT214120 (nvd)
- support.apple.com/kb/HT214122 (nvd)
- support.apple.com/kb/HT214123 (nvd)
- support.apple.com/kb/HT214124 (nvd)