CVE-2023-26965: Out-of-bounds Write

June 14, 2023 (updated August 1, 2023)

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

References

gitlab.com/libtiff/libtiff/-/merge_requests/472
nvd.nist.gov/vuln/detail/CVE-2023-26965

Detect and mitigate CVE-2023-26965 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →