Nixpkgs security tracker
Untriaged
Permalink
CVE-2023-3576
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libtiff: memory leak in tiffcrop.c
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
References
Affected products
libtiff
- *
- ==4.5.1
mingw-libtiff
compat-libtiff3
Package maintainers
-
@willcohen Will Cohen
-
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
-
@l0b0 Victor Engmark <victor@engmark.name>
-
@nh2 Niklas Hambüchen <mail@nh2.me>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@autra Augustin Trancart <augustin.trancart@gmail.com>
-
@imincik Ivan Mincik <ivan.mincik@gmail.com>