CVE-2023-6277
published 2023-11-24
medium 6.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7.9_and_ipados | — | — |
| apple | ios_17.6_and_ipados | — | — |
| apple | macos_monterey | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| apple | tvos | — | — |
| apple | visionos | — | — |
| apple | watchos | — | — |
| debian | tiff | < tiff 4.5.1+git230720-2 (forky) | tiff 4.5.1+git230720-2 (forky) |
| fedoraproject | fedora | — | — |
| msrc | azl3_libtiff_4.6.0-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_libtiff_4.6.0-6_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_libtiff_4.6.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
nvd v3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv 7.5 HIGH