CVE-2023-52355: Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom

Description

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

Classification

CVE ID: CVE-2023-52355

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.22% (probability of being exploited)

EPSS Percentile: 60.24% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2023-52355
https://bugzilla.redhat.com/show_bug.cgi?id=2251326
https://gitlab.com/libtiff/libtiff/-/issues/621

Timeline

2024-12-19 00:30:34 UTC
CVE

Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom