Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-6277

Опубликовано: 02 нояб. 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Отчет

This is a moderate severity flaw because the impact of the issue is minimal.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libtiffOut of support scope
Red Hat Enterprise Linux 7compat-libtiff3Out of support scope
Red Hat Enterprise Linux 7libtiffOut of support scope
Red Hat Enterprise Linux 8compat-libtiff3Will not fix
Red Hat Enterprise Linux 8libtiffWill not fix
Red Hat Enterprise Linux 9libtiffWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2251311libtiff: Out-of-memory in TIFFOpen via a craft file

EPSS

Процентиль: 88%
0.0375
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-6277

CVSS3: 6.5
ubuntu
больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

nvd логотип

CVE-2023-6277

CVSS3: 6.5
nvd
больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

msrc логотип

CVE-2023-6277

CVSS3: 6.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-6277

CVSS3: 6.5
debian
больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff fil ...

github логотип

GHSA-fq8g-55cp-756j

CVSS3: 7.5
github
больше 2 лет назад

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

EPSS

Процентиль: 88%
0.0375
Низкий

6.5 Medium

CVSS3