CVE-2023-3316: NULL Pointer Dereference

June 19, 2023 (updated August 1, 2023)

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

References

nvd.nist.gov/vuln/detail/CVE-2023-3316
research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/

Code Behaviors & Features

Detect and mitigate CVE-2023-3316 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →