CVE-2023-52356

HIGH

libtiff - Heap-based Buffer Overflow via TIFFReadRGBATileExt()


Description

A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

References (39)

Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:5079
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:20801
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:21994
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23078
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23079
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23080
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16174
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25096
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3461
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3462
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:5958
https://access.redhat.com/errata/RHSA-2026:5958
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:7081
https://access.redhat.com/errata/RHSA-2026:7081
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:7304
https://access.redhat.com/errata/RHSA-2026:7304
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:7335
https://access.redhat.com/errata/RHSA-2026:7335
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:8746
https://access.redhat.com/errata/RHSA-2026:8746
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:8747
https://access.redhat.com/errata/RHSA-2026:8747
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:8748
https://access.redhat.com/errata/RHSA-2026:8748
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-52356
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2251344

Scores

CVSS v3 7.5
EPSS 0.0219
EPSS Percentile 80.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-122 CWE-787
Status published
Products (34)
libtiff/libtiff
Red Hat/Red Hat AI Inference Server 3.2 1772160593
Red Hat/Red Hat AI Inference Server 3.2 1772160625
Red Hat/Red Hat AI Inference Server 3.2 1775740563
Red Hat/Red Hat AI Inference Server 3.2 1780681984
Red Hat/Red Hat AI Inference Server 3.2 3.2.2-1764871796
Red Hat/Red Hat AI Inference Server 3.2 3.2.2-1765379049
Red Hat/Red Hat AI Inference Server 3.2 3.2.2-1765379088
Red Hat/Red Hat AI Inference Server 3.2 sha256:14e32e88f1b89f59ed34a6d712746b82a6a54c6ed4727784f18aeff853abbdc7
Red Hat/Red Hat AI Inference Server 3.2 sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a
... and 24 more
Published Jan 25, 2024
Tracked Since Feb 18, 2026