CVE-2023-6228: Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c

Description

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

Classification

CVE ID: CVE-2023-6228

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 8

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 30.37% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://access.redhat.com/errata/RHSA-2024:2289
https://access.redhat.com/errata/RHSA-2024:5079
https://access.redhat.com/security/cve/CVE-2023-6228
https://bugzilla.redhat.com/show_bug.cgi?id=2240995

Timeline

2024-12-19 00:30:35 UTC
CVE

Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
2025-04-14 06:00:43 UTC
Tenable Plugins

CBL Mariner 2.0 Security Update: libtiff (CVE-2023-6228)