CVE-2023-0799 MEDIUM

CVE-2023-0799

Vendor Libtiff

Product libtiff

Published February 13, 2023

Last update March 21, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

Key dates

02Disclosure timeline

February 13, 2023 CVE published

March 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0799