CVE-2023-26966
libtiff: Buffer Overflow in uv_encode()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.
This update for tiff fixes the following issues. Fixed a NULL pointer dereference in raw2tiff. Fixed an integer overflow in raw2tiff. Fixed a memory leak in tiffcrop. Fixed an out of bounds read in tiffcp. Fixed an out of bounds read when transforming a little-endian file to a big-endian output. Fixed a NULL pointer dereference while encoding FAX3 files. Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer. Fixed a NULL pointer dereference while opening a file in an inaccessible path. Fixed a buffer overflow in tiffcrop.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-02-27 CVE Reserved
- 2023-06-29 CVE Published
- 2024-11-27 CVE Updated
- 2024-11-27 First Exploit
- 2025-07-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html | Mailing List |
|
URL | Date | SRC |
---|---|---|
https://gitlab.com/libtiff/libtiff/-/issues/530 | 2024-11-27 |
URL | Date | SRC |
---|---|---|
https://gitlab.com/libtiff/libtiff/-/merge_requests/473 | 2023-08-01 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-26966 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2218749 | 2023-11-07 |