Bug 2297638 - CVE-2024-6716 iv: Out-of-memory issue in TIFFReadEncodedStrip() may lead to Denial of Service [fedora-all]
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: iv
Version: 40
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ---
Assignee: Ankur Sinha (FranciscoD)
QA Contact: Fedora Extras Quality Assurance
Whiteboard: {"flaws": ["d36d4894-0a7b-4852-8b90-7...
Blocks: 2297636
Reported: 2024-07-12 18:34 UTC by Marco Benatto
Modified: 2024-08-05 18:18 UTC

Last Closed: 2024-08-05 18:18:52 UTC
Type: ---

Description Marco Benatto 2024-07-12 18:34:11 UTC
More information about this security flaw is available in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=2297636

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Sandro 2024-07-13 07:54:53 UTC
Without publicly available details of the CVE it's hard to judge if the bundled libtiff 3.0 is affected.

First of all it's pretty hard to get to that information at all. A link in the title of this bug report leading to a Red Hat landing page, which lists only affected RHEL releases, is not very helpful. The two external reference links don't lead to any further information:

1. This ID has been reserved by a CNA
2. CVE ID Not Found

Unless details become available, I will close this as WONTFIX.

Comment 2 Marco Benatto 2024-08-05 18:18:52 UTC
Closing this tracker as NOTABUG as this CVE has been rejected by upstream.
