CVE-2023-30086 - Vulnerability Details - OpenCVE

Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
libtiff-0:4.4.0-7.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2340	2023-05-09T00:00:00Z

No data.

Subscriptions

Vendors	Products
Libtiff Subscribe	Libtiff Subscribe
Redhat Subscribe	Enterprise Linux Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-34519	Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://libtiff-release-v4-0-7.com
http://tiffcp.com
https://gitlab.com/libtiff/libtiff/-/issues/538
https://nvd.nist.gov/vuln/detail/CVE-2023-30086
https://security.netapp.com/advisory/ntap-20230616-0003/
https://www.cve.org/CVERecord?id=CVE-2023-30086

History

Wed, 29 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-09T00:00:00.000Z

Updated: 2025-01-29T14:44:13.845Z

Reserved: 2023-04-07T00:00:00.000Z

Link: CVE-2023-30086

Vulnrichment

Updated: 2024-08-02T14:21:44.645Z

NVD

Status : Modified

Published: 2023-05-09T16:15:14.507

Modified: 2025-01-29T15:15:15.413

Link: CVE-2023-30086

Redhat

Severity : Moderate

Publid Date: 2023-05-10T00:00:00Z

Links: CVE-2023-30086 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-30086", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-29T14:44:13.845Z", "dateReserved": "2023-04-07T00:00:00.000Z", "datePublished": "2023-05-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://libtiff-release-v4-0-7.com"}, {"url": "http://tiffcp.com"}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/538"}, {"url": "https://security.netapp.com/advisory/ntap-20230616-0003/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:21:44.645Z"}, "title": "CVE Program Container", "references": [{"url": "http://libtiff-release-v4-0-7.com", "tags": ["x_transferred"]}, {"url": "http://tiffcp.com", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/538", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230616-0003/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T14:42:43.326457Z", "id": "CVE-2023-30086", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T14:44:13.845Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://libtiff-release-v4-0-7.com", "tags": ["x_transferred"]}, {"url": "http://tiffcp.com", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/538", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230616-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:21:44.645Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-30086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T14:42:43.326457Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T14:40:05.606Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://libtiff-release-v4-0-7.com"}, {"url": "http://tiffcp.com"}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/538"}, {"url": "https://security.netapp.com/advisory/ntap-20230616-0003/"}], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-30086", "state": "PUBLISHED", "dateUpdated": "2025-01-29T14:44:13.845Z", "dateReserved": "2023-04-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-05-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FE968DD2-24BE-4417-A6DF-D79E40E07766", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."}], "id": "CVE-2023-30086", "lastModified": "2025-01-29T15:15:15.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-09T16:15:14.507", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://libtiff-release-v4-0-7.com"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "http://tiffcp.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/538"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230616-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://libtiff-release-v4-0-7.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://tiffcp.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230616-0003/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2340", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libtiff-0:4.4.0-7.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "libtiff: Heap buffer overflow in tiffcp() at tiffcp.c", "id": "2203650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203650"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."], "name": "CVE-2023-30086", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-05-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-30086\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30086"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nSecure baseline configurations provide a strong foundation for maintaining a secure and resilient environment. Rigorous testing and development practices (SAST, DAST, etc.) identify and address memory vulnerabilities before they are promoted to Red Hat production platforms, and the malicious code protection used further mitigates impacts by detecting, blocking, and responding to exploitation attempts. The platform uses OS versions that inherit certain security tools and features from RHEL that are enabled by default, such as SELinux and Address Space Layout Randomization (ASLR). Least functionality and process isolation minimizes the attack surface by disabling unauthorized services and ports and containing any corruption within the originating process, preventing it from affecting other processes or the system as a whole.", "threat_severity": "Moderate"}