Published: 25/01/2024 Updated: 11/03/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote malicious user to cause a heap-buffer overflow, leading to a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff -
redhat enterprise linux 8.0
redhat enterprise linux 9.0

Debian Bug report logs - #1061524 tiff: CVE-2023-52356 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 Jan 2024 21:42:01 UTC Severity: important Tags: security, upstream Found in version tiff/451+git230720- ...

PromtFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts.

Prompt Fuzzing for Fuzz Driver Generation PromtFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts The fuzz loop of PromptFuzz aims to guide the mutation of LLMs' prompts to generate programs that cover more reachable code and explore complex API interrelationships, which are effective

CWE-787 https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524 https://nvd.nist.gov https://github.com/PromptFuzz/PromptFuzz

CVE-2023-52356

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect