libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
References
Link | Resource |
---|---|
https://gitlab.com/libtiff/libtiff/-/issues/530 | Exploit Issue Tracking Patch |
https://gitlab.com/libtiff/libtiff/-/merge_requests/473 | Patch |
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html | |
https://gitlab.com/libtiff/libtiff/-/issues/530 | Exploit Issue Tracking Patch |
https://gitlab.com/libtiff/libtiff/-/merge_requests/473 | Patch |
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html |
Configurations
History
21 Nov 2024, 07:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/libtiff/libtiff/-/issues/530 - Exploit, Issue Tracking, Patch | |
References | () https://gitlab.com/libtiff/libtiff/-/merge_requests/473 - Patch | |
References | () https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html - |
01 Aug 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jul 2023, 17:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
06 Jul 2023, 18:43
Type | Values Removed | Values Added |
---|---|---|
First Time |
Libtiff
Libtiff libtiff |
|
CPE | cpe:2.3:a:libtiff:libtiff:4.5.0:-:*:*:*:*:*:* | |
CWE | CWE-120 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://gitlab.com/libtiff/libtiff/-/merge_requests/473 - Patch | |
References | (MISC) https://gitlab.com/libtiff/libtiff/-/issues/530 - Exploit, Issue Tracking, Patch |
29 Jun 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-29 20:15
Updated : 2024-11-21 07:52
NVD link : CVE-2023-26966
Mitre link : CVE-2023-26966
CVE.ORG link : CVE-2023-26966
JSON object : View
Products Affected
libtiff
- libtiff
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')