CVE-2023-0800
libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.
The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-02-12 CVE Reserved
- 2023-02-13 CVE Published
- 2025-03-21 CVE Updated
- 2025-03-21 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/issues/496 | 2025-03-21 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 | 2023-05-30 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202305-31 | 2023-05-30 | |
| https://www.debian.org/security/2023/dsa-5361 | 2023-05-30 | |
| https://access.redhat.com/security/cve/CVE-2023-0800 | 2023-09-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170167 | 2023-09-26 |