
CVE-2023-52355

CVE Details

Visit the official vulnerability details page for CVE-2023-52355 to learn more.

Initial Publication

01/20/2025

Last Update

09/02/2025

Third Party Dependency

libtiff6

NIST CVE Summary

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

CVE Severity

7.5

Our Official Summary

The identified out-of-memory vulnerability in libtiff, triggered by a crafted TIFF file passed to the TIFFRasterScanlineSize64() API, presents a moderate severity concern rather than an important one due to several factors. Primarily, the exploit requires the crafted input to be smaller than 379 KB, which limits the potential impact and reduces the likelihood of successful exploitation in practical scenarios. Furthermore, the vulnerability is limited to denial-of-service attacks, which, although disruptive, do not inherently pose a direct risk of data compromise or system compromise.

Attackers will require physical access to the underlying cluster to exploit this. Controls in place, such as running non-privileged containers without interactive shell access, make it difficult to execute any code to exploit this vulnerability. Once the upstream fix is available, we will incorporate it.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---------|--------------------|---------------------------|--------|---------------|
| 4.7.16  | ⚠️ Impacted        | ✅ No Impact              | ⚠️ Impacted | ✅ No Impact |
| 4.6.41  | ⚠️ Impacted        | ✅ No Impact              | ⚠️ Impacted | ✅ No Impact |
| 4.5.22  | ⚠️ Impacted        | ✅ No Impact              | ⚠️ Impacted | ✅ No Impact |

Revision History

| Date       | Revision                            |
|------------|-------------------------------------|
| 08/04/2025 | Status changed from Open to Ongoing |
| 08/04/2025 | Official summary added              |