Nixpkgs security tracker
Untriaged
Permalink
CVE-2023-40745
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libtiff: integer overflow in tiffcp.c
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
Affected products
libtiff
- *
- ==4.6.0
- <4.6.0
mingw-libtiff
compact-libtiff
compat-libtiff3
Package maintainers
-
@willcohen Will Cohen
-
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
-
@l0b0 Victor Engmark <victor@engmark.name>
-
@nh2 Niklas Hambüchen <mail@nh2.me>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@autra Augustin Trancart <augustin.trancart@gmail.com>
-
@imincik Ivan Mincik <ivan.mincik@gmail.com>