CVE-2023-6277

Exploit

EPSS 0.42%
Published 24.11.2023 19:15:07
Last modified 21.11.2024 08:43:31
Source secalert@redhat.com
Teams watchlist Login
Open Login

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Affected products Warnungen 0 Metrics 3 CWE 1 References 26

Data is provided by the National Vulnerability Database (NVD)

Libtiff ≫ Libtiff Version-

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Version9.0

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.61

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://seclists.org/fulldisclosure/2024/Jul/18

https://support.apple.com/kb/HT214119

https://access.redhat.com/security/cve/CVE-2023-6277

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2251311

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/libtiff/libtiff/-/issues/614

Patch

Vendor Advisory

Exploit