{"id":"CVE-2023-2731","details":"A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.","modified":"2026-04-12T03:51:15.036760Z","published":"2023-05-17T22:15:11.047Z","related":["ALSA-2023:6575","SUSE-SU-2023:4736-1","SUSE-SU-2023:4869-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230703-0009/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-2731"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207635"},{"type":"FIX","url":"https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b"},{"type":"FIX","url":"https://gitlab.com/libtiff/libtiff/-/issues/548"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libsdl-org/libtiff","events":[{"introduced":"0"},{"fixed":"9be22b639ea69e102d3847dca4c53ef025e9527b"}]},{"type":"GIT","repo":"https://gitlab.com/libtiff/libtiff","events":[{"introduced":"0"},{"fixed":"38eb7b00cb5767770017fb91743a960ffd96d774"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.5.0"}]}}],"versions":["v3.5.3","v3.5.4","v3.5.5","v3.5.7","v3.6.0","v3.6.0beta2","v3.6.1","v3.7.0","v3.7.0alpha","v3.7.0beta","v3.7.0beta2","v3.7.1","v3.7.2","v3.7.3","v3.7.4","v3.8.0","v3.8.1","v3.8.2","v4.0.0","v4.0.0alpha","v4.0.0alpha4","v4.0.0alpha5","v4.0.0alpha6","v4.0.0beta7","v4.0.1","v4.0.10","v4.0.2","v4.0.3","v4.0.4","v4.0.4beta","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9","v4.1.0","v4.2.0","v4.3.0","v4.3.0rc1","v4.4.0","v4.4.0rc1","v4.5.0","v4.5.0rc2","v4.5.0rc3"],"database_specific":{"vanir_signatures_modified":"2026-04-12T03:51:15Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"signature_type":"Function","target":{"file":"libtiff/tif_lzw.c","function":"LZWDecode"},"digest":{"function_hash":"245001074140038746663841580373533557202","length":5381},"source":"https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b","id":"CVE-2023-2731-9e1e27c4","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"libtiff/tif_lzw.c"},"digest":{"line_hashes":["47863501326480845300155871873838596185","314431711509528890513175766027303822251","20538631509312112594542715258870283980","269723995513629474282568554348073905124","240439446250830314907397831766668572994","121194476423448759737583876339525208141","286627866093491271578526113972452842040","250501192524177400843401446766363376163"],"threshold":0.9},"source":"https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b","id":"CVE-2023-2731-c876fe5a","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2731.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}