CVE-2023-3164

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-3164
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3164.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-3164
Downstream
Related
Published
2023-11-02T11:26:28.533Z
Modified
2026-05-28T04:08:38.949571773Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Heap-buffer-overflow in extractimagesection()
Details

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3164.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-120"
    ]
}
References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8b20804fc0ddeaa93667b799b5e1a2a7dc9e3fb2
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.6.0"
        }
    ],
    "cpe": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1
v4.5.0
v4.5.0rc2
v4.5.0rc3
v4.5.1
v4.5.1rc1
v4.5.1rc2
v4.5.1rc3
v4.6.0rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3164.json"