First published: Fri Nov 24 2023(Updated: )
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Libtiff Libtiff | ||
Any of | ||
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Fedoraproject Fedora | =38 | |
ubuntu/tiff | <4.0.3-7ubuntu0.11+ | 4.0.3-7ubuntu0.11+ |
ubuntu/tiff | <4.0.6-1ubuntu0.8+ | 4.0.6-1ubuntu0.8+ |
ubuntu/tiff | <4.0.9-5ubuntu0.10+ | 4.0.9-5ubuntu0.10+ |
ubuntu/tiff | <4.1.0+ | 4.1.0+ |
ubuntu/tiff | <4.3.0-6ubuntu0.8 | 4.3.0-6ubuntu0.8 |
ubuntu/tiff | <4.5.1+ | 4.5.1+ |
ubuntu/tiff | <4.5.1+ | 4.5.1+ |
debian/tiff | <=4.1.0+git191117-2~deb10u4<=4.1.0+git191117-2~deb10u9<=4.2.0-1+deb11u5<=4.5.0-6+deb12u1 | 4.5.1+git230720-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-6277 is a vulnerability in the libtiff library that allows a remote attacker to cause a denial of service by exploiting an out-of-memory flaw in the TIFFOpen() API.
The severity of CVE-2023-6277 is high with a CVSS score of 7.5.
CVE-2023-6277 impacts libtiff by allowing a remote attacker to cause a denial of service by exploiting an out-of-memory flaw in the TIFFOpen() API.
To fix CVE-2023-6277, you should update to the latest version of libtiff where the vulnerability has been patched.
You can find more information about CVE-2023-6277 at the following references: [Red Hat CVE Page](https://access.redhat.com/security/cve/CVE-2023-6277), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2251311), and [libtiff GitLab Issues](https://gitlab.com/libtiff/libtiff/-/issues/614).