CVE-2023-52356
7.5 HIGH
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API
Published: 2024-01-25 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-122, CWE-787
Affected products
| Vendor | Product |
|---|---|
| libtiff | enterprise_linux, libtiff |
| redhat | enterprise_linux, libtiff |
Description
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2023-52356
- [Other] https://access.redhat.com/errata/RHSA-2024:5079
- [Other] https://access.redhat.com/errata/RHSA-2025:20801
- [Other] https://access.redhat.com/errata/RHSA-2025:21994
- [Other] https://access.redhat.com/errata/RHSA-2025:23078
- [Other] https://access.redhat.com/errata/RHSA-2025:23079
- [Other] https://access.redhat.com/errata/RHSA-2025:23080
- [Other] https://access.redhat.com/errata/RHSA-2026:16174
- [Other] https://access.redhat.com/errata/RHSA-2026:25096
- [Other] https://access.redhat.com/errata/RHSA-2026:3461
- [Other] https://access.redhat.com/errata/RHSA-2026:3462
- [Other] https://access.redhat.com/errata/RHSA-2026:5958
- [Other] https://access.redhat.com/errata/RHSA-2026:7081
- [Other] https://access.redhat.com/errata/RHSA-2026:7304
- [Other] https://access.redhat.com/errata/RHSA-2026:7335
- [Other] https://access.redhat.com/errata/RHSA-2026:8746
- [Other] https://access.redhat.com/errata/RHSA-2026:8747
- [Other] https://access.redhat.com/errata/RHSA-2026:8748
- [Other] https://access.redhat.com/security/cve/CVE-2023-52356
- [Other] https://bugzilla.redhat.com/show_bug.cgi?id=2251344
- [Patch] https://gitlab.com/libtiff/libtiff/-/issues/622
- [Patch] https://gitlab.com/libtiff/libtiff/-/merge_requests/546
- [Other] http://seclists.org/fulldisclosure/2024/Jul/16
- [Other] http://seclists.org/fulldisclosure/2024/Jul/17
- [Other] http://seclists.org/fulldisclosure/2024/Jul/18
- [Other] http://seclists.org/fulldisclosure/2024/Jul/19
- [Other] http://seclists.org/fulldisclosure/2024/Jul/20
- [Other] http://seclists.org/fulldisclosure/2024/Jul/21
- [Other] http://seclists.org/fulldisclosure/2024/Jul/22
- [Other] http://seclists.org/fulldisclosure/2024/Jul/23
- [Other] https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
- [Other] https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
- [Other] https://support.apple.com/kb/HT214116
- [Other] https://support.apple.com/kb/HT214117
- [Other] https://support.apple.com/kb/HT214118
- [Other] https://support.apple.com/kb/HT214119
- [Other] https://support.apple.com/kb/HT214120
- [Other] https://support.apple.com/kb/HT214122
- [Other] https://support.apple.com/kb/HT214123
- [Other] https://support.apple.com/kb/HT214124