CVE-2023-0804: LibTIFF Out-of-Bounds Write DoS Flaw

CVE-2023-0804 is an out-of-bounds write vulnerability in LibTIFF 4.4.0 that enables denial-of-service attacks via crafted TIFF files. This article covers the technical details, affected versions, and mitigation strategies.

CVE-2023-0804 Overview

CVE-2023-0804 is an out-of-bounds write vulnerability affecting LibTIFF version 4.4.0. The vulnerability exists in the tiffcrop utility within the tools/tiffcrop.c file at line 3609. An attacker can exploit this flaw by providing a specially crafted TIFF file to the tiffcrop tool, resulting in a denial-of-service condition. This vulnerability is classified as CWE-787 (Out-of-bounds Write).

Critical Impact

Processing a maliciously crafted TIFF file can cause the tiffcrop utility to crash, leading to denial of service. Systems that automatically process TIFF images are particularly at risk.

Affected Products

  • LibTIFF 4.4.0
  • Systems using the tiffcrop tool for TIFF image processing
  • Applications that depend on LibTIFF for image manipulation

Discovery Timeline

  • February 13, 2023 - CVE-2023-0804 published to NVD
  • March 21, 2025 - Last updated in NVD database

Technical Details for CVE-2023-0804

Vulnerability Analysis

The vulnerability resides in the tiffcrop utility, a command-line tool included with LibTIFF that is used for selecting, copying, and processing TIFF image data. The out-of-bounds write occurs at line 3609 in tools/tiffcrop.c, where insufficient boundary checking allows writes beyond the allocated buffer boundaries when processing certain TIFF file structures.

When a user processes a maliciously crafted TIFF file with tiffcrop, the out-of-bounds write can corrupt adjacent memory, leading to application termination or undefined behavior. The vulnerability requires local access and user interaction to trigger, as the victim must execute tiffcrop against a malicious file.

Root Cause

The root cause is insufficient bounds validation in the tiffcrop tool when processing TIFF image data. The code at line 3609 in tiffcrop.c does not properly verify that write operations stay within allocated buffer boundaries before copying or manipulating image data. This allows specially crafted TIFF files with malformed headers or dimensions to trigger writes outside the intended memory region.

Attack Vector

The attack requires a local attacker to do one of the following:

  1. Convince a user to process a malicious TIFF file using the tiffcrop utility
  2. Upload a malicious TIFF file to a system that automatically processes images with tiffcrop
  3. Place a malicious TIFF file in a location where automated image processing pipelines will process it

The vulnerability has a local attack vector, meaning the attacker needs some form of access to provide input to the vulnerable component. User interaction is required as the victim must explicitly or implicitly invoke tiffcrop on the malicious file.

The vulnerability mechanism involves crafted TIFF headers or image dimensions that cause the parsing logic to write beyond buffer boundaries. For detailed technical analysis, refer to the GitLab TIFF Issue #497.

Detection Methods for CVE-2023-0804

Indicators of Compromise

  • Unexpected crashes of the tiffcrop process when processing TIFF files
  • Core dumps or segmentation fault logs related to tiffcrop execution
  • Presence of unusually structured TIFF files with malformed headers in processing directories
  • Repeated process termination signals for image processing workflows

Detection Strategies

  • Monitor for tiffcrop process crashes and abnormal terminations in system logs
  • Implement file integrity monitoring on directories where TIFF files are processed
  • Use application-level sandboxing to detect and contain out-of-bounds memory access attempts
  • Deploy memory corruption detection tools such as AddressSanitizer during testing

Monitoring Recommendations

  • Enable crash reporting and analysis for all image processing utilities
  • Implement logging for all tiffcrop invocations, including input file hashes and source paths
  • Monitor system stability metrics for image processing services
  • Configure alerting for repeated process crashes involving LibTIFF tools
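
The invocation logging and crash monitoring recommended above can be combined in a small wrapper. This is an added example, not part of the original advisory or of LibTIFF; the names TIFFCROP_BIN, AUDIT_LOG, is_tiff and audited_tiffcrop are assumptions made for the sketch, and it assumes GNU coreutils (sha256sum, realpath).

```shell
#!/usr/bin/env bash
# Added example: audit wrapper around tiffcrop. TIFFCROP_BIN and AUDIT_LOG
# are names assumed for this sketch, not LibTIFF settings.
TIFFCROP_BIN="${TIFFCROP_BIN:-tiffcrop}"
AUDIT_LOG="${AUDIT_LOG:-./tiffcrop-audit.log}"

# Classic TIFF starts with "II*\0" (little-endian) or "MM\0*" (big-endian);
# BigTIFF uses version 43 ("II+\0" / "MM\0+").
is_tiff() {
    local magic
    magic=$(head -c 4 -- "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        49492a00|4d4d002a|49492b00|4d4d002b) return 0 ;;
        *) return 1 ;;
    esac
}

# Run tiffcrop on one file, append hash, resolved path and outcome to the
# audit log, and echo the outcome so a caller can alert on "crash".
audited_tiffcrop() {
    local in="$1" out="$2" sha path rc outcome
    path=$(realpath -- "$in")
    sha=$(sha256sum -- "$in" | cut -d' ' -f1)
    if ! is_tiff "$in"; then
        outcome="rejected reason=bad-magic"
    else
        rc=0
        "$TIFFCROP_BIN" "$in" "$out" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -gt 128 ]; then
            # Exit status above 128 means death by signal (139 = SIGSEGV).
            outcome="crash signal=$((rc - 128))"
        elif [ "$rc" -ne 0 ]; then
            outcome="error rc=$rc"
        else
            outcome="ok"
        fi
    fi
    printf '%s sha256=%s path=%s outcome=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$sha" "$path" "$outcome" >>"$AUDIT_LOG"
    printf '%s\n' "$outcome"
}
```

The magic-byte check only filters out files that are not TIFF at all; a crafted file with a valid header still reaches tiffcrop, so the value of the wrapper is the hash-tagged crash record, not prevention.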

How to Mitigate CVE-2023-0804

Immediate Actions Required

  • Update LibTIFF to a version that includes commit 33aee1275d9d1384791d2206776eb8152d397f00 or later
  • Avoid processing TIFF files from untrusted sources with tiffcrop until patched
  • Implement input validation and file type verification before processing TIFF files
  • Run image processing utilities in sandboxed environments with limited privileges

Patch Information

The fix for this vulnerability is available in commit 33aee1275d9d1384791d2206776eb8152d397f00. Users who compile LibTIFF from source should apply this commit to resolve the vulnerability. Multiple Linux distributions have released security advisories and updated packages.

For the official fix, see the GitLab TIFF Commit Update.

Workarounds

  • Avoid using tiffcrop to process files from untrusted or unknown sources
  • Implement strict input validation to verify TIFF file integrity before processing
  • Use container isolation or sandboxing to limit the impact of potential crashes
  • Consider using alternative image processing tools until the patch can be applied

```bash
# Update LibTIFF on Debian/Ubuntu systems
# (--only-upgrade touches just these packages and installs nothing new)
sudo apt-get update && sudo apt-get install --only-upgrade libtiff5 libtiff-tools

# Update LibTIFF on Fedora/RHEL systems
sudo dnf update libtiff libtiff-tools

# For source compilation, apply the fix commit
cd libtiff
git fetch origin
git cherry-pick 33aee1275d9d1384791d2206776eb8152d397f00
# A git checkout has no configure script until autogen.sh generates it
./autogen.sh
./configure && make && sudo make install
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
