Description
A segmentation fault (SEGV) flaw was found in libtiff that can be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
References (37)
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:7081
https://access.redhat.com/errata/RHSA-2026:7081
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:7304
https://access.redhat.com/errata/RHSA-2026:7304
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:7335
https://access.redhat.com/errata/RHSA-2026:7335
Issue Tracking, Patch
https://gitlab.com/libtiff/libtiff/-/issues/622
Issue Tracking, Patch
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:21994
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23078
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23079
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23080
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/16
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/17
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/19
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/20
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/21
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/22
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/23
Vendor Advisory
https://support.apple.com/kb/HT214116
Vendor Advisory
https://support.apple.com/kb/HT214117
Vendor Advisory
https://support.apple.com/kb/HT214118
Vendor Advisory
https://support.apple.com/kb/HT214119
Vendor Advisory
https://support.apple.com/kb/HT214120
Vendor Advisory
https://support.apple.com/kb/HT214122
Vendor Advisory
https://support.apple.com/kb/HT214123
Vendor Advisory
https://support.apple.com/kb/HT214124
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:5079
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:20801
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3461
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3462
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5958
https://access.redhat.com/errata/RHSA-2026:5958
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8746
https://access.redhat.com/errata/RHSA-2026:8746
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8747
https://access.redhat.com/errata/RHSA-2026:8747
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8748
https://access.redhat.com/errata/RHSA-2026:8748
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-52356
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2251344
Scores
CVSS v3
7.5
EPSS
0.0074
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-122
CWE-787
Status
published
Products (22)
libtiff/libtiff
Red Hat/Red Hat AI Inference Server 3.2
Red Hat/Red Hat AI Inference Server 3.3
... and 12 more
Published
Jan 25, 2024
Tracked Since
Feb 18, 2026