CVE-2023-0797 - Vulnerability Details - OpenCVE

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Libtiff	Libtiff
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
libtiff-0:4.4.0-8.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:3711	2023-06-21T00:00:00Z

References

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
https://gitlab.com/libtiff/libtiff/-/issues/495
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
https://nvd.nist.gov/vuln/detail/CVE-2023-0797
https://security.gentoo.org/glsa/202305-31
https://www.cve.org/CVERecord?id=CVE-2023-0797
https://www.debian.org/security/2023/dsa-5361

History

Fri, 21 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-02-13T00:00:00.000Z

Updated: 2025-03-21T19:03:22.116Z

Reserved: 2023-02-12T00:00:00.000Z

Link: CVE-2023-0797

Vulnrichment

Updated: 2024-08-02T05:24:34.516Z

NVD

Status : Modified

Published: 2023-02-13T23:15:11.970

Modified: 2025-03-21T19:15:41.577

Link: CVE-2023-0797

Redhat

Severity : Moderate

Publid Date: 2023-02-12T00:00:00Z

Links: CVE-2023-0797 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0797", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2025-03-21T19:03:22.116Z", "dateReserved": "2023-02-12T00:00:00.000Z", "datePublished": "2023-02-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-05-30T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."}], "affected": [{"vendor": "libtiff", "product": "libtiff", "versions": [{"version": "<=4.4.0", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/495"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"}, {"name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"name": "DSA-5361", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5361"}, {"name": "GLSA-202305-31", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-31"}], "credits": [{"lang": "en", "value": "wangdw.augustus@gmail.com"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Out-of-bounds read in libtiff"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.516Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/495", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"name": "DSA-5361", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5361"}, {"name": "GLSA-202305-31", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-31"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-21T19:03:19.296344Z", "id": "CVE-2023-0797", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T19:03:22.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/495", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5361", "name": "DSA-5361", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202305-31", "name": "GLSA-202305-31", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.516Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0797", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-21T19:03:19.296344Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T19:03:14.697Z"}}], "cna": {"credits": [{"lang": "en", "value": "wangdw.augustus@gmail.com"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "libtiff", "product": "libtiff", "versions": [{"status": "affected", "version": "<=4.4.0"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/495"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": ["mailing-list"]}, {"url": "https://www.debian.org/security/2023/dsa-5361", "name": "DSA-5361", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202305-31", "name": "GLSA-202305-31", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Out-of-bounds read in libtiff"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-05-30T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0797", "state": "PUBLISHED", "dateUpdated": "2025-03-21T19:03:22.116Z", "dateReserved": "2023-02-12T00:00:00.000Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-02-13T00:00:00.000Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E0B7DC1-7265-4D0F-9400-1559C3378D18", "versionEndIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."}], "id": "CVE-2023-0797", "lastModified": "2025-03-21T19:15:41.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-13T23:15:11.970", "references": [{"source": "cve@gitlab.com", "tags": ["VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"}, {"source": "cve@gitlab.com", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/495"}, {"source": "cve@gitlab.com", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"source": "cve@gitlab.com", "url": "https://security.gentoo.org/glsa/202305-31"}, {"source": "cve@gitlab.com", "url": "https://www.debian.org/security/2023/dsa-5361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5361"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3711", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libtiff-0:4.4.0-8.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}], "bugzilla": {"description": "libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", "id": "2170151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170151"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure."], "name": "CVE-2023-0797", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-02-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0797\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0797"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker's ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.", "threat_severity": "Moderate"}