CVE-2023-52356 | Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service

A segmentation fault (SEGV) flaw was found in libtiff that can be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. A remote attacker who can get such a file parsed by an affected application can cause a heap-buffer overflow and crash the process, leading to a denial of service. Consistent with that, the published CVSS vector scores an availability impact only (C:N/I:N/A:H).
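The description says nothing about what a caller must get right before handing TIFFReadRGBATileExt() a buffer, and the crash is in code that derives sizes from tags in the untrusted file. As an added example that is not libtiff code and does not reproduce this CVE, the self-contained C below models the arithmetic a hardened caller (or a reviewer of an RGBA tile reader) has to check: the raster size derived from TIFFTAG_TILEWIDTH/TILELENGTH, the tile-corner alignment and edge clamping of the requested (col,row), and the restride of a partial edge tile with size_t indices. The struct tile_geom and all function names are hypothetical, the 4x4 sample raster is constructed, and rows are ordered top-down for readability (libtiff's own raster is bottom-up).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical geometry record (not a libtiff type). Every field comes from
 * tags in the untrusted file, so no product or sum below is trusted to fit
 * in 32 bits. */
struct tile_geom {
    uint32_t img_width, img_height;  /* TIFFTAG_IMAGEWIDTH / IMAGELENGTH */
    uint32_t tile_xsize, tile_ysize; /* TIFFTAG_TILEWIDTH / TILELENGTH   */
};

/* Bytes the caller must allocate for the raster passed to
 * TIFFReadRGBATileExt(): tile_xsize * tile_ysize 32-bit pixels.
 * Returns 0 (caller must refuse the file) on zero dimensions or when the
 * product would wrap, rather than a silently too-small size. */
size_t rgba_tile_raster_bytes(uint32_t tile_xsize, uint32_t tile_ysize)
{
    if (tile_xsize == 0 || tile_ysize == 0)
        return 0;
    uint64_t pixels = (uint64_t)tile_xsize * tile_ysize;
    if (pixels > SIZE_MAX / sizeof(uint32_t))
        return 0;
    return (size_t)pixels * sizeof(uint32_t);
}

/* Validate a (col,row) request as the API contract demands (top-left corner
 * of a tile inside the image) and compute how many pixels of that tile lie
 * inside the image; edge tiles are partial. Sums are 64-bit because
 * col + tile_xsize can exceed UINT32_MAX for a crafted tile size.
 * Returns 0 on any invalid request, leaving *rx and *ry untouched. */
int rgba_tile_read_extent(const struct tile_geom *g, uint32_t col,
                          uint32_t row, uint32_t *rx, uint32_t *ry)
{
    if (g->tile_xsize == 0 || g->tile_ysize == 0)
        return 0;
    if (col % g->tile_xsize != 0 || row % g->tile_ysize != 0)
        return 0;                              /* not a tile corner      */
    if (col >= g->img_width || row >= g->img_height)
        return 0;                              /* tile outside the image */
    uint64_t xend = (uint64_t)col + g->tile_xsize;
    uint64_t yend = (uint64_t)row + g->tile_ysize;
    *rx = xend > g->img_width ? g->img_width - col : g->tile_xsize;
    *ry = yend > g->img_height ? g->img_height - row : g->tile_ysize;
    return 1;
}

/* In-image pixel count of the tile at (col,row); 0 if the request is invalid. */
uint64_t rgba_tile_read_pixels(const struct tile_geom *g, uint32_t col,
                               uint32_t row)
{
    uint32_t rx, ry;
    if (!rgba_tile_read_extent(g, col, row, &rx, &ry))
        return 0;
    return (uint64_t)rx * ry;
}

/* A partial edge tile is decoded as rx*ry pixels packed at the start of the
 * raster; spread them to the tile_xsize stride the caller expects and zero
 * the padding. Offsets are size_t so row * stride cannot wrap in 32 bits.
 * raster_len is the number of uint32_t the caller allocated; returns 0
 * without touching memory if the raster would be overrun. */
int rgba_tile_restride(uint32_t *raster, size_t raster_len,
                       uint32_t tile_xsize, uint32_t tile_ysize,
                       uint32_t rx, uint32_t ry)
{
    if (rx > tile_xsize || ry > tile_ysize)
        return 0;
    if ((uint64_t)tile_xsize * tile_ysize > raster_len)
        return 0;
    /* Last row first: the destination of row i never overlaps the packed
     * source of any row j < i, so nothing is clobbered before it moves. */
    for (uint32_t i = ry; i-- > 0;) {
        size_t dst = (size_t)i * tile_xsize;
        size_t src = (size_t)i * rx;
        memmove(raster + dst, raster + src, (size_t)rx * sizeof(uint32_t));
        memset(raster + dst + rx, 0, (size_t)(tile_xsize - rx) * sizeof(uint32_t));
    }
    for (uint32_t i = ry; i < tile_ysize; i++)
        memset(raster + (size_t)i * tile_xsize, 0,
               (size_t)tile_xsize * sizeof(uint32_t));
    return 1;
}

/* Constructed sample: a 4x4 tile of which only 2x3 pixels (values 1..6) are
 * inside the image. Returns raster[idx] after restriding, -1 on error. */
long rgba_tile_example_pixel(size_t idx)
{
    uint32_t raster[16] = {1, 2, 3, 4, 5, 6};
    if (idx >= 16 || !rgba_tile_restride(raster, 16, 4, 4, 2, 3))
        return -1;
    return (long)raster[idx];
}

int main(void)
{
    struct tile_geom g = {1000, 700, 256, 256};
    printf("256x256 tile raster: %zu bytes\n", rgba_tile_raster_bytes(256, 256));
    printf("0xFFFFFFFF x 0xFFFFFFFF tile raster: %zu (0 = refuse file)\n",
           rgba_tile_raster_bytes(UINT32_MAX, UINT32_MAX));
    printf("in-image pixels of edge tile (768,512): %llu\n",
           (unsigned long long)rgba_tile_read_pixels(&g, 768, 512));
    for (size_t i = 0; i < 16; i++)
        printf("%ld%s", rgba_tile_example_pixel(i), (i % 4 == 3) ? "\n" : " ");
    return 0;
}
```

In a real caller, compute the raster with rgba_tile_raster_bytes() from the tags read via TIFFGetField(), refuse the file when it returns 0, and pass stop_on_error = 1 to TIFFReadRGBATileExt() so decoding gives up at the first error instead of returning a partial tile. None of this protects against a memory-safety bug inside the library itself; only a patched libtiff does that, which is why the checks above belong beside, not instead of, the vendor fix.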

Published: 2024-01-25 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2023-52356 is rated Moderate Risk (59.4/100): CVSS High severity (7.5), with medium exploitation likelihood (EPSS 2.19%). Core evidence: the EPSS score rose 1.45 percentage points (0.74% to 2.19%) in the 2026-06-15 update. Treat that as a rising relative likelihood of exploitation, not as confirmed in-the-wild activity. Mandatory action: review affected assets, including applications that ship their own copy of libtiff (the Ubuntu tracker lists gdal, qtwebengine-opensource-src and texmaker alongside tiff), and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-52356

EPSS lead: EPSS is a daily estimate of the probability that a vulnerability will be exploited in the wild within the next 30 days; the percentile ranks this CVE among all scored vulnerabilities. A higher percentile means a higher relative likelihood of exploitation, not a higher severity.

#  Date        Old EPSS score  New EPSS score  Delta (new - old, percentage points)
1  2026-06-15  0.74%           2.19%           +1.45
2  2026-05-25  0.85%           0.74%           -0.11
3  2026-05-22  (first record)  0.85%           n/a

Full EPSS history (35 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-52356

CVSS metrics for this CVE.

Base score  Version  Severity  Vector                                        Exploitability  Impact  Score source
7.5         3.1      HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  3.9             3.6     [email protected]
7.5         3.1      HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  3.9             3.6     [email protected]

Both score sources publish the same vector, so the metric breakdown below applies to both rows.
Attack vector (AV:N)
Reachable over the network; the attacker needs no local access to the machine.
Attack complexity (AC:L)
No race window, special configuration or rare setup is needed once the crafted file reaches the parser.
Privileges required (PR:N)
No account or special rights are needed.
User interaction (UI:N)
Scored as needing no action from a victim, which matches deployments where an application parses untrusted TIFF files unattended (for example a server-side image pipeline).
Scope (S:U)
Impact stays within the security scope of the vulnerable component; nothing spills into unrelated systems.
Confidentiality (C:N)
No confidentiality impact.
Integrity (I:N)
No integrity impact.
Availability (A:H)
The affected process crashes, so the service that depends on it becomes unavailable.

Weakness enumeration for CVE-2023-52356

GitHub Security Advisory for CVE-2023-52356

GHSA-cx8g-4cf5-cjv3 · Severity: high — A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted...

OS Trackers for CVE-2023-52356

Vendor   Priority                    Summary                                                                                                                                                                                                                                                                                                      Link
Debian   not yet assigned            1 source package (tiff); 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.                                                                                                                                                                                              https://security-tracker.debian.org/tracker/CVE-2023-52356
Red Hat  medium                                                                                                                                                                                                                                                                                                                                   https://access.redhat.com/security/cve/CVE-2023-52356
SUSE     medium (severity moderate)  273 source package names (0.3.2-1.2:libtiff6-4.7.0-150600.3.8.1, 0.9.1-1.2:libtiff6-4.7.0-150600.3.8.1, …); 458 product×package rows across 159 product lines (Container containers/lmcache-vllm-openai, Container containers/open-webui, …): Known Affected 231, Fixed 227.                              https://www.suse.com/security/cve/CVE-2023-52356/
Ubuntu   medium                      4 source packages (gdal, qtwebengine-opensource-src, texmaker, tiff); 44 status rows across 11 suites (bionic, focal, jammy, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): needs-triage 16, released 10, not-affected 9, ignored 6, DNE 3.                                     https://ubuntu.com/security/CVE-2023-52356

Affected software / configurations for CVE-2023-52356

Vendor   Product           Version          Raw CPE
libtiff  libtiff           - (unspecified)  cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
redhat   enterprise_linux  8.0              cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhat   enterprise_linux  9.0              cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

References for CVE-2023-52356

URL Tags
https://access.redhat.com/errata/RHSA-2024:5079
https://access.redhat.com/errata/RHSA-2025:20801
https://access.redhat.com/errata/RHSA-2025:21994
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:5958
https://access.redhat.com/errata/RHSA-2026:7081
https://access.redhat.com/errata/RHSA-2026:7304
https://access.redhat.com/errata/RHSA-2026:7335
https://access.redhat.com/errata/RHSA-2026:8746
https://access.redhat.com/errata/RHSA-2026:8747
https://access.redhat.com/errata/RHSA-2026:8748
https://access.redhat.com/security/cve/CVE-2023-52356 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251344 Issue Tracking Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/622 Issue Tracking Patch
https://gitlab.com/libtiff/libtiff/-/merge_requests/546 Issue Tracking Patch
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
https://support.apple.com/kb/HT214116
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214123
https://support.apple.com/kb/HT214124
cvelogic Threat Intelligence