CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
A segmentation fault (SEGV) flaw was found in libtiff that can be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. A remote attacker can use this flaw to cause a heap-buffer overflow, leading to a denial of service.
Analysis (AI)
A heap-buffer overflow in libtiff's TIFFReadRGBATileExt() allows a remote, unauthenticated attacker to trigger a denial of service with a crafted TIFF file. The vulnerability (CWE-122) carries a CVSS 7.5 HIGH rating: network attack vector, low complexity, no privileges or user interaction required, and availability impact only. The EPSS score of 0.72% is a low absolute probability of exploitation within the next 30 days; the 72nd-percentile ranking only means it scores higher than most published CVEs. Vendor patches are available through Red Hat advisories and upstream GitLab merge request #546. The flaw affects libtiff across multiple Red Hat Enterprise Linux 8.x and 9.x deployments. Exposure requires an application that decodes untrusted TIFF images through this function, which includes callers of TIFFReadRGBATile(), since that function is a thin wrapper that calls TIFFReadRGBATileExt() with stop_on_error set to 0.
Technical Context (AI)
Libtiff is a widely used open-source library for reading and writing TIFF (Tagged Image File Format) image files, commonly integrated into image processing applications, document viewers, and web services. TIFFReadRGBATileExt() reads a single tile of a tiled TIFF into an RGBA raster; the Ext variant extends TIFFReadRGBATile() with a stop_on_error parameter that controls whether decoding continues past errors. It only operates on tiled files and refuses striped ones. This vulnerability is a heap-buffer overflow (CWE-122), a memory corruption class in which an access runs past the bounds of a heap-allocated buffer. The segmentation fault occurs during tile processing when malformed TIFF metadata or image data structures are parsed. The affected CPE entries cover the core libtiff library (cpe:2.3:a:libtiff:libtiff) and its packaging in Red Hat Enterprise Linux 8.0 and 9.0 (cpe:2.3:o:redhat:enterprise_linux). The overflow lies in the buffer management of the tile-reading API and likely involves improper validation of tile dimensions, offsets, or buffer-size calculations during TIFF file parsing; the merge request referenced below contains the authoritative details.
Remediation (AI)
Apply vendor-released patches immediately on affected Red Hat Enterprise Linux systems through the RHSA advisory for your version (RHSA-2024:5079 and subsequent updates, available at https://access.redhat.com/errata/). For upstream libtiff installations, apply the fix in GitLab merge request #546 (https://gitlab.com/libtiff/libtiff/-/merge_requests/546), which addresses the heap-buffer overflow in TIFFReadRGBATileExt(). If immediate patching is not feasible, implement the following compensating controls, each with its trade-off:
(1) Disable TIFF processing in affected applications if it is not business-critical. This eliminates the risk but removes support for the format.
(2) Restrict TIFF uploads to authenticated, trusted users and validate the file source. This reduces the attack surface but does not address an insider or a compromised account.
(3) Reject tiled TIFF files at the application boundary and accept only stripped files. TIFFReadRGBATileExt() refuses to operate on striped files, so this keeps untrusted input away from the vulnerable path, but it breaks legitimate tiled-TIFF workflows. The check must be done with a minimal header and IFD inspection (TileWidth, TileLength, TileOffsets and TileByteCounts tags) rather than by decoding the file with the unpatched library.
(4) Isolate TIFF processing in sandboxed containers or separate low-privilege worker processes with memory and CPU limits so that a crash is contained. This adds operational complexity and latency.
Monitor Red Hat Bugzilla #2251344 (https://bugzilla.redhat.com/show_bug.cgi?id=2251344) for additional technical details and deployment guidance.
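The boundary filter behind compensating control (3), written here as an added example that is not libtiff, Red Hat, or advisory code: it walks the classic-TIFF header and IFD chain directly and reports whether any directory carries a tile tag, so tiled files can be dropped before any bytes reach the library. The tag numbers are the TIFF 6.0 tile tags; MAX_IFDS and the sample byte buffers are assumptions constructed for the example, not real images.

```c
/* Added example, not libtiff or Red Hat code: classify a TIFF byte buffer as
 * tiled or stripped by walking its IFD chain, so tiled files can be rejected at
 * the application boundary before they reach TIFFReadRGBATileExt().
 * Tag numbers are the TIFF 6.0 tile tags; MAX_IFDS and the sample inputs below
 * are assumptions constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TIFFTAG_TILEWIDTH      322
#define TIFFTAG_TILELENGTH     323
#define TIFFTAG_TILEOFFSETS    324
#define TIFFTAG_TILEBYTECOUNTS 325
#define MAX_IFDS 64 /* assumed cap on the directory chain; defeats IFD loops */

enum tiff_verdict { TIFF_MALFORMED = -1, TIFF_STRIPPED = 0, TIFF_TILED = 1 };

static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t rd32(const uint8_t *p, int le)
{
    uint32_t b0 = p[0], b1 = p[1], b2 = p[2], b3 = p[3];
    return le ? (b0 | b1 << 8 | b2 << 16 | b3 << 24)
              : (b0 << 24 | b1 << 16 | b2 << 8 | b3);
}

/* TIFF_TILED if any directory carries a tile tag (conservative), TIFF_STRIPPED
 * if none does, TIFF_MALFORMED if header or IFD chain does not fit the buffer. */
int tiff_is_tiled(const uint8_t *buf, size_t len)
{
    int le, tiled = 0;
    uint32_t ifd;
    unsigned depth;

    if (len < 8) return TIFF_MALFORMED;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;
    else return TIFF_MALFORMED;
    if (rd16(buf + 2, le) != 42) return TIFF_MALFORMED; /* classic TIFF only; BigTIFF (43) rejected */

    for (ifd = rd32(buf + 4, le), depth = 0; ifd != 0; depth++) {
        uint16_t n, i;
        const uint8_t *e;
        if (depth >= MAX_IFDS) return TIFF_MALFORMED;        /* looped or absurd chain */
        if (ifd < 8 || ifd > len - 2) return TIFF_MALFORMED; /* entry count must be in bounds */
        n = rd16(buf + ifd, le);
        if ((size_t)n * 12 + 4 > len - ifd - 2) return TIFF_MALFORMED; /* entries + next ptr */
        e = buf + ifd + 2;
        for (i = 0; i < n; i++, e += 12) {
            uint16_t tag = rd16(e, le);
            if (tag >= TIFFTAG_TILEWIDTH && tag <= TIFFTAG_TILEBYTECOUNTS) tiled = 1;
        }
        ifd = rd32(e, le); /* e now sits on the next-IFD pointer; 0 ends the chain */
    }
    return tiled ? TIFF_TILED : TIFF_STRIPPED;
}

/* Constructed input: little-endian classic header plus one IFD whose entries
 * are the given tags, each a LONG of value 1. Not a decodable image; it only
 * exercises the directory walk. out must hold 14 + 12 * ntags bytes. */
static size_t build_tiff(uint8_t *out, const uint16_t *tags, size_t ntags)
{
    static const uint8_t header[8] = { 'I', 'I', 42, 0, 8, 0, 0, 0 };
    size_t p = 8, i;
    memcpy(out, header, 8);
    out[p++] = (uint8_t)ntags; out[p++] = 0;
    for (i = 0; i < ntags; i++) {
        uint8_t entry[12] = { (uint8_t)tags[i], (uint8_t)(tags[i] >> 8),
                              4, 0, 1, 0, 0, 0, 1, 0, 0, 0 };
        memcpy(out + p, entry, 12); p += 12;
    }
    memset(out + p, 0, 4); /* next IFD: none */
    return p + 4;
}

static const uint16_t STRIPPED_TAGS[] = { 256, 257, 273, 278, 279 }; /* ImageWidth..StripByteCounts */
static const uint16_t TILED_TAGS[]    = { 256, 257, 322, 323, 324, 325 };

int example_stripped_verdict(void)
{
    uint8_t buf[128];
    size_t n = build_tiff(buf, STRIPPED_TAGS, 5);
    return tiff_is_tiled(buf, n);
}

int example_tiled_verdict(void)
{
    uint8_t buf[128];
    size_t n = build_tiff(buf, TILED_TAGS, 6);
    return tiff_is_tiled(buf, n);
}

int example_truncated_verdict(void)
{
    uint8_t buf[128];
    build_tiff(buf, TILED_TAGS, 6);
    return tiff_is_tiled(buf, 20); /* directory claims 6 entries, only 20 bytes arrived */
}

int example_ifd_loop_verdict(void)
{
    uint8_t buf[128];
    size_t n = build_tiff(buf, STRIPPED_TAGS, 5);
    buf[n - 4] = 8; /* next-IFD pointer now points back at the first IFD */
    return tiff_is_tiled(buf, n);
}

int main(void)
{
    printf("stripped=%d tiled=%d truncated=%d loop=%d\n",
           example_stripped_verdict(), example_tiled_verdict(),
           example_truncated_verdict(), example_ifd_loop_verdict());
    return 0;
}
```

Anything other than TIFF_STRIPPED should be rejected by the upload handler; the filter deliberately treats a malformed or looping directory chain the same as a tiled file, and it does not look at tag values, so it cannot itself be driven into an out-of-bounds read by absurd TileWidth or offset values.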