First published: Fri Nov 24 2023(Updated: )
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Sonoma | <14.6 | 14.6 |
Apple visionOS | <1.3 | 1.3 |
Apple macOS Ventura | <13.6.8 | 13.6.8 |
Apple watchOS | <10.6 | 10.6 |
Apple macOS Monterey | <12.7.6 | 12.7.6 |
Apple tvOS | <17.6 | 17.6 |
Apple iOS | <17.6 | 17.6 |
Apple iPadOS | <17.6 | 17.6 |
Apple iOS | <16.7.9 | 16.7.9 |
Apple iPadOS | <16.7.9 | 16.7.9 |
debian/tiff | <=4.2.0-1+deb11u5<=4.5.0-6+deb12u1 | 4.5.1+git230720-5 |
All of | ||
Any of | ||
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Libtiff Libtiff | ||
Fedoraproject Fedora | =38 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-6277 is a vulnerability in the libtiff library that allows a remote attacker to cause a denial of service by exploiting an out-of-memory flaw in the TIFFOpen() API.
The severity of CVE-2023-6277 is high with a CVSS score of 7.5.
CVE-2023-6277 impacts libtiff by allowing a remote attacker to cause a denial of service by exploiting an out-of-memory flaw in the TIFFOpen() API.
To fix CVE-2023-6277, you should update to the latest version of libtiff where the vulnerability has been patched.
You can find more information about CVE-2023-6277 at the following references: [Red Hat CVE Page](https://access.redhat.com/security/cve/CVE-2023-6277), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2251311), and [libtiff GitLab Issues](https://gitlab.com/libtiff/libtiff/-/issues/614).