CVE-2023-3618
- Source
- https://cve.org/CVERecord?id=CVE-2023-3618
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3618.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-3618
- Downstream
- Related
- Published
- 2023-07-12T15:15:09.060Z
- Modified
- 2026-03-20T12:20:52.475482Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
- References
-
- https://support.apple.com/kb/HT214038
- https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
- https://support.apple.com/kb/HT214036
- https://support.apple.com/kb/HT214037
- https://access.redhat.com/security/cve/CVE-2023-3618
- https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
- https://security.netapp.com/advisory/ntap-20230824-0012/
- https://bugzilla.redhat.com/show_bug.cgi?id=2215865
Affected packages
Git / gitlab.com/libtiff/libtiff
Affected versions
v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1
v4.5.0
v4.5.0rc1
v4.5.0rc2
v4.5.0rc3
v4.5.1rc1
v4.5.1rc2
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3618.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]