CVE-2023-26965

Updated: 2026-02-27 00:07:59.565822

Description:

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU libtiff 4.4.0 5.5 MEDIUM Released CLSA-2025:1745531344 2025-04-26 03:59:33
CentOS 7 ELS libtiff 4.0.3 5.5 MEDIUM Ignored 2024-07-02 11:10:28 Ignored due to low severity