Wiz
Vulnerability DatabaseCVE-2023-2340

CVE-2023-2340
PHP vulnerability analysis and mitigation

Overview

CVE-2023-2340 is a security vulnerability affecting the libtiff library, which contains functions for manipulating Tagged Image File Format (TIFF) files. The vulnerability was disclosed and addressed in Red Hat Enterprise Linux 9 through a security update released on May 9, 2023 (Red Hat Advisory).

Technical details

The vulnerability is part of a series of security issues in libtiff version 4.4.0 that includes heap buffer overflow problems related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value. The issue has been rated as having a Moderate security impact by Red Hat Product Security (Red Hat Advisory).

Impact

If exploited, this vulnerability could potentially lead to heap buffer overflow conditions in the libtiff library, which could affect applications that process TIFF files. The vulnerability has been assessed to have a moderate security impact on affected systems (Red Hat Advisory).

Mitigation and workarounds

Red Hat has released updated libtiff packages (version 4.4.0-7.el9) to address this vulnerability. Users are advised to update their systems with the provided packages. After applying the update, all running applications linked against libtiff must be restarted (Red Hat Advisory).

Additional resources

SourceThis report was generated using AI

Related PHP vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-23492HIGH8.8
  • PHPPHP
  • pimcore/pimcore
NoYesJan 14, 2026
CVE-2026-23498HIGH7.2
  • PHPPHP
  • shopware/core
NoYesJan 14, 2026
GHSA-595p-g7xc-c333MEDIUM6.9
  • PHPPHP
  • algolia/algoliasearch-magento-2
NoYesJan 14, 2026
CVE-2022-50807MEDIUM6.9
  • PHPPHP
  • concrete5/concrete5
NoNoJan 13, 2026
CVE-2026-0859MEDIUM5.2
  • PHPPHP
  • typo3/cms-core
NoYesJan 13, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo