{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-30775", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-01-21T17:30:59.637Z", "dateReserved": "2023-04-17T00:00:00.000Z", "datePublished": "2023-05-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-07-03T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."}], "affected": [{"vendor": "n/a", "product": "libtiff", "versions": [{"version": "4.0", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/464"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-30775"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0002/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119", "cweId": "CWE-119"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.317Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/464", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-30775", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0002/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T17:29:52.315626Z", "id": "CVE-2023-30775", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T17:30:59.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/464", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-30775", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.317Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-30775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T17:29:52.315626Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T17:30:33.463Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "libtiff", "versions": [{"status": "affected", "version": "4.0"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/464"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-30775"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0002/"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-07-03T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-30775", "state": "PUBLISHED", "dateUpdated": "2025-01-21T17:30:59.637Z", "dateReserved": "2023-04-17T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-05-19T00:00:00", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D49C1A38-70B8-4172-9FCD-F9E8848565C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."}], "id": "CVE-2023-30775", "lastModified": "2025-01-21T18:15:13.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-19T15:15:08.980", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-30775"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/464"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20230703-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-30775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230703-0002/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2340", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libtiff-0:4.4.0-7.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c", "id": "2187141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119->CWE-787", "details": ["A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."], "name": "CVE-2023-30775", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-30775\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30775"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer to CWE-787: Out-of-bounds Write vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\nBoundary protection, access enforcement, and least privilege controls limit access to the platform and memory, ensuring only authorized users and processes can interact with sensitive components. This reduces the risk of attackers exploiting memory vulnerabilities. Configuration management controls like baseline configuration and least functionality can help prevent vulnerability exploitation by enforcing secure system configurations, enabling memory protection, and removing unnecessary services, ports, or functions that could be exploited. Memory protection controls mitigate the risk of potential memory corruption by enforcing runtime protections. Finally, process isolation and encryption of data at rest reduce the potential impacts in the case of successful exploitation by isolating compromised processes and ensuring sensitive data remains secure even in the event of memory corruption.", "threat_severity": "Moderate"}

{}