Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2908— Libtiff: null pointer dereference in tif_dir.c

CVSS 5.5 · Medium EPSS 0.01% · P3
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-2908

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Libtiff: null pointer dereference in tif_dir.c
Source: NVD (National Vulnerability Database)
Vulnerability Description
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
LibTIFF 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LibTIFF是一个读写TIFF(标签图像文件格式)文件的库。该库包含一些处理TIFF文件的命令行工具。 LibTIFF存在代码问题漏洞,该漏洞源于空指针取消引用,允许攻击者通过精心制作的TIFF图像文件导致应用程序崩溃,最终导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Libtiff 4.5.1rc1 -
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
FedoraFedora--
FedoraFedora--
FedoraFedora--
FedoraFedora--

II. Public POCs for CVE-2023-2908

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-2908

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-06-30 · 29 CVEs total

CVE-2023-261357.3 HIGHflatnest 安全漏洞
CVE-2023-33386.5 MEDIUMCrash due to a null pointer dereference in the dn_nsp_send function
CVE-2023-373605.9 MEDIUMPacparser 注入漏洞
CVE-2023-37301MediaWiki 安全漏洞
CVE-2023-1206Linux kernel 资源管理错误漏洞
CVE-2023-33298Perimeter 81 安全漏洞
CVE-2023-36144Intelbras SG 2404 MR 安全漏洞
CVE-2023-27469Malwarebytes 安全漏洞
CVE-2023-29145Malwarebytes 安全漏洞
CVE-2023-31543pipreqs 代码问题漏洞
CVE-2023-29147Malwarebytes 安全漏洞
CVE-2023-37365Hnswlib 资源管理错误漏洞
CVE-2023-34840angular-ui-notification 跨站脚本漏洞
CVE-2023-37300MediaWiki 安全漏洞
CVE-2023-36347POS Codekop 访问控制错误漏洞
CVE-2023-37302MediaWiki 跨站脚本漏洞
CVE-2023-37303MediaWiki 安全漏洞
CVE-2023-37304MediaWiki 跨站脚本漏洞
CVE-2023-37305MediaWiki 安全漏洞
CVE-2023-37306MISP 安全漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Libtiff
Same vendor: n/a
Same weakness: CWE-476

V. Comments for CVE-2023-2908

No comments yet

Leave a comment