CVE-2023-52356

CVE Details

Visit the official vulnerability details page for CVE-2023-52356 to learn more.

Initial Publication

10/25/2024

Last Update

10/25/2024

Third Party Dependency

tiff

NIST CVE Summary

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

CVE Severity

7.5

Our Official Summary

This is a vulnerability in libtiff that a remote attacker can exploit to cause a heap-buffer overflow and denial of service. The vulnerability is caused by a segmentation fault (SEGV) flaw that can be triggered when a crafted TIFF file is passed to the TIFFReadRGBATileExt() API. A possible fix for this vulnerability on the affected images is under investigation.

Status

Ongoing

Affected Products & Versions

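| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---------|--------------------|---------------------------|--------|---------------|
| 4.5.11 | Impacted | Impacted | No Impact | Impacted |
| 4.5.10 | Impacted | Impacted | No Impact | Impacted |
| 4.5.8 | Impacted | Impacted | No Impact | Impacted |
| 4.5.5 | Impacted | Impacted | No Impact | Impacted |
| 4.5.4 | Impacted | Impacted | No Impact | Impacted |
| 4.4.20 | Impacted | Impacted | No Impact | Impacted |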

Revision History

| Date | Revision |
|------|----------|
| 11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 |
| 11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 |
| 11/13/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20 |
| 11/10/2024 | Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8 |
| 10/27/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5 |