Bug 2251311 (CVE-2023-6277) - CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file
Summary: CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file
Keywords:
Status: NEW
Alias: CVE-2023-6277
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
: 2251319 (view as bug list)
Depends On: 2251313 2251314 2251315 2251316
Blocks: 2251312
TreeView+ depends on / blocked
 
Reported: 2023-11-24 08:25 UTC by Rohit Keshri
Modified: 2024-03-04 07:46 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Rohit Keshri 2023-11-24 08:25:51 UTC
An out-of-memory problem was found in libtiff that could be triggered by passing a craft tiff file to TIFFOpen() API. In this flaw a remote attackers could cause deny-of-services via a craft input (with size smaller than 379 KB).

Reference:
https://gitlab.com/libtiff/libtiff/-/issues/614

Fixed at:
https://gitlab.com/libtiff/libtiff/-/merge_requests/545
https://gitlab.com/libtiff/libtiff/-/commit/d6bbe53a96b031ab8b53d20241825ddf9e8bf8f1
https://gitlab.com/libtiff/libtiff/-/commit/264a28eff71cf0038ba7b235238512fa594fa42f
https://gitlab.com/libtiff/libtiff/-/commit/abb4476fd2be87fc8ded3078e019f22f84ee0e8c

Comment 2 Rohit Keshri 2023-11-24 09:07:26 UTC
Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2251315]


Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2251313]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2251314]


Created tkimg tracking bugs for this issue:

Affects: fedora-all [bug 2251316]

Comment 7 Dhananjay Arunesh 2024-03-04 07:46:50 UTC
*** Bug 2251319 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.