CVE-2023-2731

Published: 05/17/2023 22:15:11
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
MEDIUM
CVSS v3: 5.5

Status

DocFilters Release Package State Justification Comment
25.1 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
24.4 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
24.4.0 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
24.3 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
24.2.1 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
24.2 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
24.1 libtiff (4.6.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
23.3 libtiff (4.5.1) Not Affected Code Not Present Issue was introduced post 4.3.0.
23.2.1 libtiff (4.3.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
23.2 libtiff (4.3.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
23.1 libtiff (4.3.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
22.4 libtiff (4.3.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
22.3 libtiff (4.3.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
22.2 libtiff (4.3.0) Not Affected Code Not Present Issue was introduced post 4.3.0.
22.1 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.11.1 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.11 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.8.1 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.8 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.5.1 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.5.0 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
21.2.0 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.20 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.19.3667 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.18.3599 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.17 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.16.3445 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.15.3368 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.14.3263 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.13.3179 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.12.3054 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.11.3040 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.11.2990 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.10.2934 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.9.2878 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.
11.4.8.2822 libtiff (4.0.8) Not Affected Code Not Present Issue was introduced post 4.3.0.

Severity score breakdown

Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version
3.1

References