Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-2731

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Related bugs and status

CVE-2023-2731 (Candidate) is related to these bugs:

Bug #2020707: Merge tiff 4.5.0-6 (main) from Debian unstable (main)

Summary				In	Importance	Status
	2020707	Merge tiff 4.5.0-6 (main) from Debian unstable (main)		tiff (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://access.redhat....
MISC: https://bugzilla.redha...
MISC: https://github.com/lib...
MISC: https://gitlab.com/lib...
CONFIRM: https://security.netap...