Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/libtiff@4.4.0-8?arch=el9_2
purl pkg:rpm/redhat/libtiff@4.4.0-8?arch=el9_2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-2u8w-cy3j-9fen
Aliases:
CVE-2023-0800
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-44zu-mtmq-57cm
Aliases:
CVE-2023-0801
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-4egk-vvjq-dyhw
Aliases:
CVE-2023-0795
Out-of-bounds Read LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. There are no reported fixed by versions.
VCID-4pys-mah6-hfh6
Aliases:
CVE-2023-0799
Use After Free LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. There are no reported fixed by versions.
VCID-b33v-b6h4-cqfe
Aliases:
CVE-2023-0804
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-cw7d-us77-2fhv
Aliases:
CVE-2023-0796
Out-of-bounds Read LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. There are no reported fixed by versions.
VCID-ju1t-bhyh-v7du
Aliases:
CVE-2022-48281
Out-of-bounds Write processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. There are no reported fixed by versions.
VCID-pnpt-r4ke-fufh
Aliases:
CVE-2023-0803
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
VCID-tg7w-mbkg-7uhj
Aliases:
CVE-2023-0798
Out-of-bounds Read LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. There are no reported fixed by versions.
VCID-wza2-4rcj-hkcd
Aliases:
CVE-2023-0797
Out-of-bounds Read LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. There are no reported fixed by versions.
VCID-x9xf-wuyn-6ffg
Aliases:
CVE-2023-0802
Out-of-bounds Write LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:55:39.392994+00:00 RedHat Importer Affected by VCID-ju1t-bhyh-v7du https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json 38.0.0
2026-04-01T13:55:30.975274+00:00 RedHat Importer Affected by VCID-b33v-b6h4-cqfe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json 38.0.0
2026-04-01T13:55:30.931277+00:00 RedHat Importer Affected by VCID-pnpt-r4ke-fufh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json 38.0.0
2026-04-01T13:55:30.887840+00:00 RedHat Importer Affected by VCID-x9xf-wuyn-6ffg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json 38.0.0
2026-04-01T13:55:30.841586+00:00 RedHat Importer Affected by VCID-44zu-mtmq-57cm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json 38.0.0
2026-04-01T13:55:30.792904+00:00 RedHat Importer Affected by VCID-2u8w-cy3j-9fen https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json 38.0.0
2026-04-01T13:55:30.750042+00:00 RedHat Importer Affected by VCID-4pys-mah6-hfh6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json 38.0.0
2026-04-01T13:55:30.723801+00:00 RedHat Importer Affected by VCID-tg7w-mbkg-7uhj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json 38.0.0
2026-04-01T13:55:30.698128+00:00 RedHat Importer Affected by VCID-wza2-4rcj-hkcd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json 38.0.0
2026-04-01T13:55:30.673813+00:00 RedHat Importer Affected by VCID-cw7d-us77-2fhv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json 38.0.0
2026-04-01T13:55:30.647424+00:00 RedHat Importer Affected by VCID-4egk-vvjq-dyhw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json 38.0.0