CVE-2023-6277

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6277
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://access.redhat.com/security/cve/CVE-2023-6277 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251311 Issue Tracking Patch Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/614 Exploit Issue Tracking Patch Vendor Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/
https://security.netapp.com/advisory/ntap-20240119-0002/
https://support.apple.com/kb/HT214116
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214123
https://support.apple.com/kb/HT214124
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
History

30 Jul 2024, 02:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -
  • () http://seclists.org/fulldisclosure/2024/Jul/19 -

30 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/16 -
  • () http://seclists.org/fulldisclosure/2024/Jul/17 -
  • () http://seclists.org/fulldisclosure/2024/Jul/20 -
  • () http://seclists.org/fulldisclosure/2024/Jul/21 -
  • () http://seclists.org/fulldisclosure/2024/Jul/22 -
  • () http://seclists.org/fulldisclosure/2024/Jul/23 -

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214116 -
  • () https://support.apple.com/kb/HT214117 -
  • () https://support.apple.com/kb/HT214118 -
  • () https://support.apple.com/kb/HT214119 -
  • () https://support.apple.com/kb/HT214120 -
  • () https://support.apple.com/kb/HT214122 -
  • () https://support.apple.com/kb/HT214123 -
  • () https://support.apple.com/kb/HT214124 -
Information

Published : 2023-11-24 19:15

Updated : 2024-07-30 02:15

NVD link : CVE-2023-6277

Mitre link : CVE-2023-6277

CVE.ORG link : CVE-2023-6277

JSON object : View

Products Affected

libtiff

  • libtiff

fedoraproject

  • fedora

redhat

  • enterprise_linux
CWE
CWE-400

Uncontrolled Resource Consumption