DEBIAN-CVE-2023-1916

DEBIAN-CVE-2023-1916 PUBLISHED CVSS 6.099999904632568 MEDIUM

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	tiff	0, 0, 0
Debian:11	tiff	4.5.0~rc1-1, 4.5.0~rc1-1, 4.5.1+git230720-1
Debian:14	tiff	0, 0, 0
Debian:12	tiff	4.5.1+git230720, 4.5.1+git230720, 4.5.1+git230720

Exploit Intelligence

macos_v2_generated.go (github-poc)
macos_v1_generated.go (github-poc)

Timeline

Apr 10, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-1916 advisory

Open in Interactive Console →