CVE-2023-6277

Опубликовано: 02 нояб. 2023

Источник: redhat

CVSS3: 6.5

Описание

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Отчет

This is a moderate severity flaw because the impact of the issue is minimal.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	libtiff	Out of support scope
Red Hat Enterprise Linux 7	compat-libtiff3	Out of support scope
Red Hat Enterprise Linux 7	libtiff	Out of support scope
Red Hat Enterprise Linux 8	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 8	libtiff	Will not fix
Red Hat Enterprise Linux 9	libtiff	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2251311libtiff: Out-of-memory in TIFFOpen via a craft file

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-6277

CVSS3: 6.5

ubuntu

больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

CVE-2023-6277

CVSS3: 6.5

nvd

больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

CVE-2023-6277

CVSS3: 6.5

msrc

больше 1 года назад

Описание отсутствует

CVE-2023-6277

CVSS3: 6.5

debian

больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff fil ...

GHSA-fq8g-55cp-756j

CVSS3: 7.5

github

больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

6.5 Medium

CVSS3