Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-52356

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Published

2024-01-25T20:15:39.063

Last Modified

2025-12-10T19:16:13.163

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libtiff	libtiff	-	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2024:5079 ([email protected])
https://access.redhat.com/errata/RHSA-2025:20801 ([email protected])
https://access.redhat.com/errata/RHSA-2025:21994 ([email protected])
https://access.redhat.com/errata/RHSA-2025:23078 ([email protected])
https://access.redhat.com/errata/RHSA-2025:23079 ([email protected])
https://access.redhat.com/errata/RHSA-2025:23080 ([email protected])
https://access.redhat.com/security/cve/CVE-2023-52356 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2251344 Issue Tracking, Third Party Advisory ([email protected])
https://gitlab.com/libtiff/libtiff/-/issues/622 Issue Tracking, Patch ([email protected])
https://gitlab.com/libtiff/libtiff/-/merge_requests/546 Issue Tracking, Patch ([email protected])
http://seclists.org/fulldisclosure/2024/Jul/16 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/17 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/18 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/19 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/20 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/21 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/22 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/23 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-52356 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2251344 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/libtiff/libtiff/-/issues/622 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/libtiff/libtiff/-/merge_requests/546 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214116 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214117 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214118 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214119 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214120 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214122 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214123 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214124 (af854a3a-2127-422b-91ae-364da2661108)