Bug 2297636 (CVE-2024-6716) - CVE-2024-6716 libtiff: Out-of-memory issue in TIFFReadEncodedStrip() may lead to Denial of Service [NEEDINFO]
Summary: CVE-2024-6716 libtiff: Out-of-memory issue in TIFFReadEncodedStrip() may lead...
Keywords:
Status: NEW
Alias: CVE-2024-6716
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2297637 2297638 2297639 2297641
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-12 18:18 UTC by Marco Benatto
Modified: 2024-08-13 19:55 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:
mhlavink: needinfo? (mbenatto)

Attachments (Terms of Use)

Description Marco Benatto 2024-07-12 18:18:40 UTC 
A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted tiff file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.

Reference:
https://gitlab.com/libtiff/libtiff/-/issues/620

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/merge_requests/553
Comment 1 Michal Hlavinka 2024-07-30 13:10:49 UTC 
Hi, I've checked the provided upstream report which was resolved as "documentation change only". Also assigned cve id has changed to 'rejected':
https://nvd.nist.gov/vuln/detail/CVE-2023-6716 Should we close this tracker and blocking bugs?
Note You need to log in before you can comment on or make changes to this bug.