CVE-2023-52356

HIGH EPSS 80.2%

Published Jan 25, 20242y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Jan 25, 2024 2y ago

Last Modified Jun 17, 2026 1w ago

Description

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

80.2% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 2

CWE-122

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 3

Vendor	Product	Version	Range
libtiff	libtiff	*	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any

References 39

seclists.org http://seclists.org/fulldisclosure/2024/Jul/16
seclists.org http://seclists.org/fulldisclosure/2024/Jul/17
seclists.org http://seclists.org/fulldisclosure/2024/Jul/18
seclists.org http://seclists.org/fulldisclosure/2024/Jul/19
seclists.org http://seclists.org/fulldisclosure/2024/Jul/20
seclists.org http://seclists.org/fulldisclosure/2024/Jul/21
seclists.org http://seclists.org/fulldisclosure/2024/Jul/22
seclists.org http://seclists.org/fulldisclosure/2024/Jul/23
access.redhat.com https://access.redhat.com/errata/RHSA-2024:5079
access.redhat.com https://access.redhat.com/errata/RHSA-2025:20801
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21994
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23078
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23079
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23080
access.redhat.com https://access.redhat.com/errata/RHSA-2026:16174
access.redhat.com https://access.redhat.com/errata/RHSA-2026:25096
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3461
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3462
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5958
access.redhat.com https://access.redhat.com/errata/RHSA-2026:7081
access.redhat.com https://access.redhat.com/errata/RHSA-2026:7304
access.redhat.com https://access.redhat.com/errata/RHSA-2026:7335
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8746
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8747
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8748
access.redhat.com https://access.redhat.com/security/cve/CVE-2023-52356

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2251344

Issue TrackingThird Party Advisory
gitlab.com https://gitlab.com/libtiff/libtiff/-/issues/622

Issue TrackingPatch
gitlab.com https://gitlab.com/libtiff/libtiff/-/merge_requests/546

Issue TrackingPatch
lists.debian.org https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
support.apple.com https://support.apple.com/kb/HT214116
support.apple.com https://support.apple.com/kb/HT214117
support.apple.com https://support.apple.com/kb/HT214118
support.apple.com https://support.apple.com/kb/HT214119
support.apple.com https://support.apple.com/kb/HT214120
support.apple.com https://support.apple.com/kb/HT214122
support.apple.com https://support.apple.com/kb/HT214123
support.apple.com https://support.apple.com/kb/HT214124

Remediation

gitlab.com https://gitlab.com/libtiff/libtiff/-/issues/622

Issue TrackingPatch
gitlab.com https://gitlab.com/libtiff/libtiff/-/merge_requests/546

Issue TrackingPatch