Alpaquita Linux Stream Security Advisory

CVE-2023-1916

Published: October 18, 2023
Last modified: October 18, 2023

Description

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted TIFF file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Severity score breakdown

| Parameter | Value |
| --- | --- |
| Base score | 6.1 |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |

Status

| Product | Release | Package | Status |
| --- | --- | --- | --- |
| Alpaquita Linux | 23 LTS | tiff | Vulnerable (4.4.0-r1) |
| Alpaquita Linux | Stream | tiff | Fixed (4.6.0-r0) |

References
