LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:2289 | |
https://access.redhat.com/security/cve/CVE-2023-40745 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2235265 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
16 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jan 2024, 01:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* | |
First Time |
Netapp
Netapp active Iq Unified Manager |
|
References | () https://security.netapp.com/advisory/ntap-20231110-0005/ - Third Party Advisory |
10 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Oct 2023, 14:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
CPE | cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-40745 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2235265 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Libtiff
Redhat Fedoraproject Fedoraproject fedora Redhat enterprise Linux Libtiff libtiff |
05 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-05 19:15
Updated : 2024-09-16 17:15
NVD link : CVE-2023-40745
Mitre link : CVE-2023-40745
CVE.ORG link : CVE-2023-40745
JSON object : View
Products Affected
netapp
- active_iq_unified_manager
libtiff
- libtiff
redhat
- enterprise_linux
fedoraproject
- fedora
CWE
CWE-190
Integer Overflow or Wraparound