Nixpkgs security tracker
Untriaged
Permalink
CVE-2023-6277
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libtiff: out-of-memory in tiffopen via a craft file
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
References
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
-
-
-
-
-
https://gitlab.com/libtiff/libtiff/-/issues/614 x_transferred
-
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 x_transferred
-
https://security.netapp.com/advisory/ntap-20240119-0002/ x_transferred
-
https://support.apple.com/kb/HT214119 x_transferred
-
https://support.apple.com/kb/HT214123 x_transferred
-
https://support.apple.com/kb/HT214122 x_transferred
-
https://support.apple.com/kb/HT214117 x_transferred
-
https://support.apple.com/kb/HT214118 x_transferred
-
https://support.apple.com/kb/HT214116 x_transferred
-
https://support.apple.com/kb/HT214120 x_transferred
-
https://support.apple.com/kb/HT214124 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/16 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/23 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/21 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/17 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/22 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
-
http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
Affected products
iv
tkimg
libtiff
mingw-libtiff
compat-libtiff3
Package maintainers
-
@willcohen Will Cohen
-
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
-
@l0b0 Victor Engmark <victor@engmark.name>
-
@nh2 Niklas Hambüchen <mail@nh2.me>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@autra Augustin Trancart <augustin.trancart@gmail.com>
-
@imincik Ivan Mincik <ivan.mincik@gmail.com>