CVE-2023-3618 - Vulnerability Details - OpenCVE

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Libtiff	Libtiff
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
libtiff-0:4.4.0-12.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2289	2024-04-30T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-3618
https://bugzilla.redhat.com/show_bug.cgi?id=2215865
https://gitlab.com/libtiff/libtiff/-/issues/529
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
https://nvd.nist.gov/vuln/detail/CVE-2023-3618
https://security.netapp.com/advisory/ntap-20230824-0012/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038
https://www.cve.org/CVERecord?id=CVE-2023-3618

History

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html

Thu, 26 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-07-12T14:06:04.572Z

Updated: 2025-11-03T20:35:36.763Z

Reserved: 2023-07-11T14:46:05.545Z

Link: CVE-2023-3618

Vulnrichment

Updated: 2025-11-03T20:35:36.763Z

NVD

Status : Modified

Published: 2023-07-12T15:15:09.060

Modified: 2025-11-03T21:15:59.683

Link: CVE-2023-3618

Redhat

Severity : Moderate

Publid Date: 2023-02-13T00:00:00Z

Links: CVE-2023-3618 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-3618", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-11T14:46:05.545Z", "datePublished": "2023-07-12T14:06:04.572Z", "dateUpdated": "2025-11-03T20:35:36.763Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "libtiff", "vendor": "n/a"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unknown", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}, {"collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "iv", "product": "Fedora", "vendor": "Fedora"}, {"collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "libtiff", "product": "Fedora", "vendor": "Fedora"}, {"collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "mingw-libtiff", "product": "Fedora", "vendor": "Fedora"}, {"collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected", "packageName": "tkimg", "product": "Fedora", "vendor": "Fedora"}], "datePublic": "2023-02-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-07-15T00:27:54.327Z"}, "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2023-3618"}, {"name": "RHBZ#2215865", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"}, {"url": "https://support.apple.com/kb/HT214038"}, {"url": "https://support.apple.com/kb/HT214036"}, {"url": "https://support.apple.com/kb/HT214037"}], "timeline": [{"lang": "en", "time": "2023-06-19T00:00:00Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-02-13T00:00:00Z", "value": "Made public."}], "title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c", "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}, "adp": [{"title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2023-3618"}, {"name": "RHBZ#2215865", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230824-0012/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214038", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214036", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214037", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:35:36.763Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T19:26:00.978317Z", "id": "CVE-2023-3618", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:26:31.776Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3618", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865", "name": "RHBZ#2215865", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230824-0012/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214038", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214036", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214037", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:35:36.763Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3618", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T19:26:00.978317Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:26:10.480Z"}}], "cna": {"title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "libtiff", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "compat-libtiff3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "compat-libtiff3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "iv", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "libtiff", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "mingw-libtiff", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "tkimg", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-06-19T00:00:00Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-02-13T00:00:00Z", "value": "Made public."}], "datePublic": "2023-02-13T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3618", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865", "name": "RHBZ#2215865", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"}, {"url": "https://support.apple.com/kb/HT214038"}, {"url": "https://support.apple.com/kb/HT214036"}, {"url": "https://support.apple.com/kb/HT214037"}], "descriptions": [{"lang": "en", "value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-07-15T00:27:54.327Z"}, "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}}, "cveMetadata": {"cveId": "CVE-2023-3618", "state": "PUBLISHED", "dateUpdated": "2025-11-03T20:35:36.763Z", "dateReserved": "2023-07-11T14:46:05.545Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-07-12T14:06:04.572Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "matchCriteriaId": "4133F7CE-3597-4F03-B3E4-3EA0BB5ADE64", "versionEndExcluding": "4.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."}], "id": "CVE-2023-3618", "lastModified": "2025-11-03T21:15:59.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-07-12T15:15:09.060", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3618"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"}, {"source": "[email protected]", "url": "https://security.netapp.com/advisory/ntap-20230824-0012/"}, {"source": "[email protected]", "url": "https://support.apple.com/kb/HT214036"}, {"source": "[email protected]", "url": "https://support.apple.com/kb/HT214037"}, {"source": "[email protected]", "url": "https://support.apple.com/kb/HT214038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3618"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230824-0012/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214038"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:2289", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libtiff-0:4.4.0-12.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c", "id": "2215865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."], "name": "CVE-2023-3618", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3618\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3618\nhttps://gitlab.com/libtiff/libtiff/-/issues/529"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nRed Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.", "threat_severity": "Moderate"}