An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-6277 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2251311 | Issue Tracking Patch Third Party Advisory |
https://gitlab.com/libtiff/libtiff/-/issues/614 | Exploit Issue Tracking Patch Vendor Advisory |
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 | Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/ | |
https://security.netapp.com/advisory/ntap-20240119-0002/ |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
19 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jan 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2023, 20:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat
Libtiff libtiff Fedoraproject fedora Fedoraproject Libtiff Redhat enterprise Linux |
|
CPE | cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
CWE | CWE-400 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://access.redhat.com/security/cve/CVE-2023-6277 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2251311 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://gitlab.com/libtiff/libtiff/-/merge_requests/545 - Patch, Vendor Advisory | |
References | () https://gitlab.com/libtiff/libtiff/-/issues/614 - Exploit, Issue Tracking, Patch, Vendor Advisory |
24 Nov 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-24 19:15
Updated : 2024-01-19 16:15
NVD link : CVE-2023-6277
Mitre link : CVE-2023-6277
CVE.ORG link : CVE-2023-6277
JSON object : View
Products Affected
redhat
- enterprise_linux
libtiff
- libtiff
fedoraproject
- fedora
CWE
CWE-400
Uncontrolled Resource Consumption