INFSA-2025:20801: libtiff security update
Information about definition
Identifier: INFSA-2025:20801
Type: security
Release date: 2025-12-01 17:16:44 UTC
Information about package
The LibTIFF packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Vulnerabilities description
- CVE-2023-52356
A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
- CVE-2023-52355
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2023-52355 | no information | 7.5 | no information |
| NIST — CVE-2023-52356 | no information | 7.5 | no information |
Updated packages