Bug 2297636 - libtiff: Out-of-memory issue in TIFFReadEncodedStrip() may lead to Denial of Service [NEEDINFO]
Summary: libtiff: Out-of-memory issue in TIFFReadEncodedStrip() may lead to Denial of ...
Keywords:
Status: NEW
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2297637 2297638 2297639 2297641
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-12 18:18 UTC by Marco Benatto
Modified: 2024-09-04 16:06 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:
mhlavink: needinfo? (mbenatto)

Attachments (Terms of Use)

Description Marco Benatto 2024-07-12 18:18:40 UTC 
A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted tiff file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.

Reference:
https://gitlab.com/libtiff/libtiff/-/issues/620

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/merge_requests/553
Comment 1 Michal Hlavinka 2024-07-30 13:10:49 UTC 
Hi, I've checked the provided upstream report which was resolved as "documentation change only". Also assigned cve id has changed to 'rejected':
https://nvd.nist.gov/vuln/detail/CVE-2023-6716 Should we close this tracker and blocking bugs?
Comment 3 Guilherme de Almeida Suckevicz 2024-09-04 16:06:37 UTC 
The CVE-2024-6716[1] has been rejected as well.

[1]. https://www.cve.org/CVERecord?id=CVE-2024-6716
Note You need to log in before you can comment on or make changes to this bug.