CVE-2023-52356

Severity: HIGH, CVSS 3.1: 7.5, EPSS: 0.74%
Updated: Apr 17, 2026
Red Hat

Parameter: Value
CVSS: 7.5 (HIGH)
Type: CWE-122 (Heap-based Buffer Overflow), CWE-787 (Out-of-bounds Write)
Vendor: Red Hat
Public PoC: No

A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Attack Parameters

Attack Vector: Network (can be exploited remotely)
Attack Complexity: Low (easy to exploit)
Privileges Required: None (no privileges needed)
User Interaction: None (no user interaction needed)

Impact Assessment

Confidentiality: None (no data leak)
Integrity: None (no data modification)
Availability: High (complete denial of service)

CVSS Vector v3.1

Vulnerable Products (3)

Configuration From (including) Up to (excluding)
Libtiff Libtiff: cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
Redhat Enterprise_Linux: cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Redhat Enterprise_Linux: cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

References (37)

https://access.redhat.com/errata/RHSA-2024:5079 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:20801 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:21994 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:23078 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:23079 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:23080 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:3461 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:3462 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:5958 (source: secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-52356 (source: secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2251344 (source: secalert@redhat.com)
https://gitlab.com/libtiff/libtiff/-/issues/622 (source: secalert@redhat.com)
https://gitlab.com/libtiff/libtiff/-/merge_requests/546 (source: secalert@redhat.com)
http://seclists.org/fulldisclosure/2024/Jul/16 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/17 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/18 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/19 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/20 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/21 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/22 (source: af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/23 (source: af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html (source: af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214116 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214117 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214118 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214119 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214120 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214122 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214123 (source: af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214124 (source: af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2026:7081 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:7304 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:7335 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:8746 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:8747 (source: secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:8748 (source: secalert@redhat.com)