CVE-2023-30774: Buffer Overflow

Q: What is the vulnerability ID for this flaw in the libtiff library?

The vulnerability ID for this flaw in the libtiff library is CVE-2023-30774.

Q: What is the severity of CVE-2023-30774?

CVE-2023-30774 has a severity rating of medium.

Q: How does CVE-2023-30774 manifest?

CVE-2023-30774 manifests as a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

Q: Which version of the libtiff library is affected by CVE-2023-30774?

The libtiff library version 4.0.0 is affected by CVE-2023-30774.

Q: Are there any known fixes or patches available for CVE-2023-30774?

Yes, the vulnerability has been reported and fixes or patches may be available. It is recommended to check with the vendor or official sources for the latest updates.

Published Apr 17, 2023

Updated

A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

Credit

CVE-2023-30774

Affected Software

6 affected componentsFixes available

IBM Cognos Analytics<=12.0.0-12.0.3

IBM Cognos Analytics<=11.2.0-11.2.4 FP4

Apple macOS Sonoma<14.1

14.1

LibTIFF libtiff=4.0.0

LibTIFF libtiff>=3.5.1<=4.4.0

Apple macOS<14.1

Event History

Apr 17, 2023

Data Sourced

via Red Hat·04:54 AM

DescriptionSeverityAffected Software

May 19, 2023

CVE Published

12:00 AM

Data Sourced

12:00 AM

DescriptionWeakness

Frequently Asked Questions

What is the vulnerability ID for this flaw in the libtiff library?

The vulnerability ID for this flaw in the libtiff library is CVE-2023-30774.

What is the severity of CVE-2023-30774?

CVE-2023-30774 has a severity rating of medium.

How does CVE-2023-30774 manifest?

CVE-2023-30774 manifests as a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

Which version of the libtiff library is affected by CVE-2023-30774?

The libtiff library version 4.0.0 is affected by CVE-2023-30774.

Are there any known fixes or patches available for CVE-2023-30774?

Yes, the vulnerability has been reported and fixes or patches may be available. It is recommended to check with the vendor or official sources for the latest updates.

CVSS Score

5.5Medium

Medium Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Security Metrics

Risk Score34

Severitymedium(5.5)

CWE

119787

Timeline

PublishedApr 17, 2023

Updated

References

+4 more references

Parent Advisories

Peer Vulnerabilities

Tags

agent/typeagent/first-publish-datecollector/redhat-bugzillasource/Red Hatalias/CVE-2023-30774agent/severityagent/weaknessagent/eventcollector/mitre-cvesource/MITREcollector/ibm-supportsource/IBMagent/software-canonical-lookupagent/referencesagent/trendingagent/sourcecollector/apple-supportsource/Appleagent/software-canonical-lookup-requestagent/authorcollector/nvd-indexagent/last-modified-datecollector/nvd-apisource/NVDagent/tagsagent/softwarecombineagent/risk-scoreagent/descriptionvendor/ibmcanonical/ibm cognos analyticsversion/ibm cognos analytics/12.0.0-12.0.3version/ibm cognos analytics/11.2.0-11.2.4 fp4vendor/applecanonical/apple macosvendor/libtiffcanonical/tiffversion/tiff/4.0.0version/tiff/3.5.1version/tiff/4.4.0canonical/macos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.