2251311 – (CVE-2023-6277) CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file

Bug 2251311 (CVE-2023-6277) - CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file

Summary: CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file

Keywords:
Status:	NEW
Alias:	CVE-2023-6277
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2251319 (view as bug list)
Depends On:	2251313 2251314 2251315 2251316
Blocks:	2251312
TreeView+	depends on / blocked

Reported:	2023-11-24 08:25 UTC by Rohit Keshri
Modified:	2024-03-04 07:46 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2023-11-24 08:25:51 UTC

An out-of-memory problem was found in libtiff that could be triggered by passing a craft tiff file to TIFFOpen() API. In this flaw a remote attackers could cause deny-of-services via a craft input (with size smaller than 379 KB).

Reference:
https://gitlab.com/libtiff/libtiff/-/issues/614

Fixed at:
https://gitlab.com/libtiff/libtiff/-/merge_requests/545
https://gitlab.com/libtiff/libtiff/-/commit/d6bbe53a96b031ab8b53d20241825ddf9e8bf8f1
https://gitlab.com/libtiff/libtiff/-/commit/264a28eff71cf0038ba7b235238512fa594fa42f
https://gitlab.com/libtiff/libtiff/-/commit/abb4476fd2be87fc8ded3078e019f22f84ee0e8c

Comment 2 Rohit Keshri 2023-11-24 09:07:26 UTC

Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2251315]


Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2251313]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2251314]


Created tkimg tracking bugs for this issue:

Affects: fedora-all [bug 2251316]

Comment 7 Dhananjay Arunesh 2024-03-04 07:46:50 UTC

*** Bug 2251319 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.