CVE-2023-52355

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to crash applications that use the libtiff library by supplying a specially crafted TIFF file, which can be smaller than 379 KB. To exploit this flaw, the attacker needs to get the target to open the malicious TIFF file, leading to a denial of service.

Technical Description

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Est. Bounty: $2,053 ($1K-$5K)
Vendor Response: Grade F, patched in 763 days

Quick Information

Published: Jan 25, 2024 (about 2 years ago)

Last Modified: Feb 27, 2026 (about 1 month ago)

Vendor: libtiff

Product: libtiff

Related Vulnerabilities

CVE-2025-61145 (Medium)

This vulnerability allows an attacker to potentially crash the libtiff software or execute arbitrary code by exploiting a flaw in the tiffcrop tool, which can happen if the attacker can manipulate the input files processed by this tool. To take advantage of this issue, the attacker needs to provide specially crafted TIFF files to the application using libtiff, which could be done through file uploads or other means of file handling.

CVE-2025-61144 (High)

This vulnerability allows an attacker to execute malicious code on a system by exploiting a stack overflow in the libtiff library when processing specially crafted TIFF images. To be successful, the attacker needs to convince the victim to open a manipulated TIFF file, which could lead to unauthorized access or control over the affected system.

CVE-2025-61143 (Medium)

This vulnerability allows an attacker to crash applications that use the libtiff library by exploiting a flaw in how the library handles certain image files, leading to a program failure. To take advantage of this, the attacker must be able to provide a specially crafted TIFF file to the application.

CVE-2023-52356 (High)

An attacker can exploit a flaw in libtiff to crash applications by sending a specially crafted TIFF file, which can lead to a denial of service. This vulnerability occurs when the TIFFReadRGBATileExt() function processes the malicious file, causing the program to fail unexpectedly.

CVE-2017-5225 (Critical)

This vulnerability allows an attacker to potentially run malicious code on a system or crash it by tricking the libtiff tool into processing a specially crafted image file with a manipulated BitsPerSample value. The attacker needs to have access to a vulnerable version of the libtiff tool to exploit this weakness.