CVE-2023-53156

Medium

Published: 27 July 2025

Modified: 07 August 2025
CVSS v3.1 Score: 4.5 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L)
EPSS Score: 0.0025 (48.3rd percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53156 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Ejmahler Transpose. Its CVSS base score is 4.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 48.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1211 Exploitation for Stealth (tactic: Stealth)
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.

Why these techniques?

Buffer overflow via integer overflow enables arbitrary code execution through exploitation, mapping to privilege escalation (T1068), client execution (T1203), and defense evasion (T1211).

MITRE ATLAS Techniques

AML.T0048: External Harms

Affected Assets

ejmahler
transpose
0.1.0 — 0.2.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
