Vulnerability DatabaseCVE-2023-2908
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-2908
June 30, 2023
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
Affected Packages
libtiff (CONAN):
Affected version(s) >=4.0.8 <4.5.1
Fix Suggestion:
Update to version 4.5.1
Related Resources (8)
https://access.redhat.com/security/cve/CVE-2023-2908
https://security.netapp.com/advisory/ntap-20230731-0004/
https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
https://gitlab.com/libtiff/libtiff/-/merge_requests/479
https://security-tracker.debian.org/tracker/CVE-2023-2908
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
https://bugzilla.redhat.com/show_bug.cgi?id=2218830
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.01