Version: latest

CVE-2023-52356

CVE Details

CVE-2023-52356

Last Update

10/10/2024

NIST CVE Summary

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Our Official Summary

This is a vulnerability in libtiff that can be exploited by a remote attacker to cause a heap-buffer overflow and denial-of-service. The vulnerability is caused by a segment fault (SEGV) flaw that can be triggered when a crafted TIFF file is passed to the TIFFReadRGBATileExt() API. Investigating a possible fix for this vulnerability on the affected images.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

Palette Enterprise airgap 4.4.18, 4.5.3, 4.5.8
Palette Enterprise 4.5.3, 4.5.8

Revision History

1.0 09/15/2024 Initial Publication
2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products
3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products
4.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products
5.0 11/7/2024 Added Palette Enterprise 4.5.8 to Affected Products

CVE Details​

Last Update​

NIST CVE Summary​

Our Official Summary​

CVE Severity​

Status​

Affected Products & Versions​

Revision History​