Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/libtiff@4.0.9-29?arch=el8_8
purl pkg:rpm/redhat/libtiff@4.0.9-29?arch=el8_8
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-2u8w-cy3j-9fen
Aliases:
CVE-2023-0800
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-44zu-mtmq-57cm
Aliases:
CVE-2023-0801
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-b33v-b6h4-cqfe
Aliases:
CVE-2023-0804
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-pnpt-r4ke-fufh
Aliases:
CVE-2023-0803
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-x9xf-wuyn-6ffg
Aliases:
CVE-2023-0802
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:55:30.959739+00:00 RedHat Importer Affected by VCID-b33v-b6h4-cqfe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json 38.0.0
2026-04-01T13:55:30.916234+00:00 RedHat Importer Affected by VCID-pnpt-r4ke-fufh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json 38.0.0
2026-04-01T13:55:30.870766+00:00 RedHat Importer Affected by VCID-x9xf-wuyn-6ffg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json 38.0.0
2026-04-01T13:55:30.824743+00:00 RedHat Importer Affected by VCID-44zu-mtmq-57cm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json 38.0.0
2026-04-01T13:55:30.778333+00:00 RedHat Importer Affected by VCID-2u8w-cy3j-9fen https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json 38.0.0