CVE-2023-52356 - Vulnerability Details

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Libtiff	Libtiff
Redhat	Ai Inference Server Discovery Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
libtiff-0:4.0.9-32.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:5079	2024-08-07T00:00:00Z

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://access.redhat.com/errata/RHSA-2024:5079
https://access.redhat.com/errata/RHSA-2025:20801
https://access.redhat.com/errata/RHSA-2025:21994
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/security/cve/CVE-2023-52356
https://bugzilla.redhat.com/show_bug.cgi?id=2251344
https://gitlab.com/libtiff/libtiff/-/issues/622
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
https://nvd.nist.gov/vuln/detail/CVE-2023-52356
https://support.apple.com/kb/HT214116
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214123
https://support.apple.com/kb/HT214124
https://www.cve.org/CVERecord?id=CVE-2023-52356

History

Wed, 10 Dec 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ai Inference Server
CPEs		cpe:/a:redhat:ai_inference_server:3.2::el9
Vendors & Products		Redhat ai Inference Server
References		https://access.redhat.com/errata/RHSA-2025:23078 https://access.redhat.com/errata/RHSA-2025:23079 https://access.redhat.com/errata/RHSA-2025:23080

Mon, 24 Nov 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/a:redhat:discovery:2::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2025:21994

Tue, 11 Nov 2025 16:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
References		https://access.redhat.com/errata/RHSA-2025:20801

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00263}`	epss `{'score': 0.0027}`

Tue, 17 Jun 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/17 http://seclists.org/fulldisclosure/2024/Jul/18 http://seclists.org/fulldisclosure/2024/Jul/19 http://seclists.org/fulldisclosure/2024/Jul/20 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/22 http://seclists.org/fulldisclosure/2024/Jul/23 https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html https://support.apple.com/kb/HT214116 https://support.apple.com/kb/HT214117 https://support.apple.com/kb/HT214118 https://support.apple.com/kb/HT214119 https://support.apple.com/kb/HT214120 https://support.apple.com/kb/HT214122 https://support.apple.com/kb/HT214123 https://support.apple.com/kb/HT214124

Mon, 16 Sep 2024 20:45:00 +0000

Type	Values Removed	Values Added
References	http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/17 http://seclists.org/fulldisclosure/2024/Jul/18 http://seclists.org/fulldisclosure/2024/Jul/19 http://seclists.org/fulldisclosure/2024/Jul/20 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/22 http://seclists.org/fulldisclosure/2024/Jul/23 https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html https://support.apple.com/kb/HT214116 https://support.apple.com/kb/HT214117 https://support.apple.com/kb/HT214118 https://support.apple.com/kb/HT214119 https://support.apple.com/kb/HT214120 https://support.apple.com/kb/HT214122 https://support.apple.com/kb/HT214123 https://support.apple.com/kb/HT214124

Wed, 07 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Wed, 07 Aug 2024 16:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
References		https://access.redhat.com/errata/RHSA-2024:5079

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-25T20:03:40.971Z

Updated: 2025-12-10T18:59:21.507Z

Reserved: 2024-01-24T14:08:49.010Z

Link: CVE-2023-52356

Vulnrichment

Updated: 2025-11-03T20:36:13.850Z

NVD

Status : Modified

Published: 2024-01-25T20:15:39.063

Modified: 2025-12-10T19:16:13.163

Link: CVE-2023-52356

Redhat

Severity : Moderate

Publid Date: 2023-11-03T00:00:00Z

Links: CVE-2023-52356 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object