CVE-2023-0795 - Vulnerability Details - OpenCVE

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Libtiff	Libtiff
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
libtiff-0:4.4.0-8.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:3711	2023-06-21T00:00:00Z

References

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
https://gitlab.com/libtiff/libtiff/-/issues/493
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
https://nvd.nist.gov/vuln/detail/CVE-2023-0795
https://security.gentoo.org/glsa/202305-31
https://security.netapp.com/advisory/ntap-20230316-0003/
https://www.cve.org/CVERecord?id=CVE-2023-0795
https://www.debian.org/security/2023/dsa-5361

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00011}`	epss `{'score': 0.00015}`

Fri, 21 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-02-13T00:00:00.000Z

Updated: 2025-03-21T19:12:39.089Z

Reserved: 2023-02-12T00:00:00.000Z

Link: CVE-2023-0795

Vulnrichment

Updated: 2024-08-02T05:24:34.311Z

NVD

Status : Modified

Published: 2023-02-13T23:15:11.727

Modified: 2025-03-21T19:15:41.283

Link: CVE-2023-0795

Redhat

Severity : Moderate

Publid Date: 2023-02-12T00:00:00Z

Links: CVE-2023-0795 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0795", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2025-03-21T19:12:39.089Z", "dateReserved": "2023-02-12T00:00:00.000Z", "datePublished": "2023-02-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-05-30T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."}], "affected": [{"vendor": "libtiff", "product": "libtiff", "versions": [{"version": "<=4.4.0", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/493"}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"}, {"name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"name": "DSA-5361", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5361"}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0003/"}, {"name": "GLSA-202305-31", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-31"}], "credits": [{"lang": "en", "value": "wangdw.augustus@gmail.com"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Out-of-bounds read in libtiff"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.311Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/493", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"name": "DSA-5361", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5361"}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0003/", "tags": ["x_transferred"]}, {"name": "GLSA-202305-31", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-31"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-21T19:12:34.883978Z", "id": "CVE-2023-0795", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T19:12:39.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/493", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5361", "name": "DSA-5361", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0003/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202305-31", "name": "GLSA-202305-31", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.311Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0795", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-21T19:12:34.883978Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T19:12:26.402Z"}}], "cna": {"credits": [{"lang": "en", "value": "wangdw.augustus@gmail.com"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "libtiff", "product": "libtiff", "versions": [{"status": "affected", "version": "<=4.4.0"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/493"}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list"]}, {"url": "https://www.debian.org/security/2023/dsa-5361", "name": "DSA-5361", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0003/"}, {"url": "https://security.gentoo.org/glsa/202305-31", "name": "GLSA-202305-31", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Out-of-bounds read in libtiff"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-05-30T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0795", "state": "PUBLISHED", "dateUpdated": "2025-03-21T19:12:39.089Z", "dateReserved": "2023-02-12T00:00:00.000Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-02-13T00:00:00.000Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E0B7DC1-7265-4D0F-9400-1559C3378D18", "versionEndIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."}], "id": "CVE-2023-0795", "lastModified": "2025-03-21T19:15:41.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-13T23:15:11.727", "references": [{"source": "cve@gitlab.com", "tags": ["VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"}, {"source": "cve@gitlab.com", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/493"}, {"source": "cve@gitlab.com", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"source": "cve@gitlab.com", "url": "https://security.gentoo.org/glsa/202305-31"}, {"source": "cve@gitlab.com", "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"}, {"source": "cve@gitlab.com", "url": "https://www.debian.org/security/2023/dsa-5361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5361"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3711", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libtiff-0:4.4.0-8.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}], "bugzilla": {"description": "libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c", "id": "2170119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170119"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure."], "name": "CVE-2023-0795", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-02-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0795\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0795"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker's ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.", "threat_severity": "Moderate"}