CVE-2023-6277

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-6277	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251311	Issue Tracking Patch Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/614	Exploit Issue Tracking Patch Vendor Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/545	Patch Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://access.redhat.com/security/cve/CVE-2023-6277	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251311	Issue Tracking Patch Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/614	Exploit Issue Tracking Patch Vendor Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/545	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/
https://security.netapp.com/advisory/ntap-20240119-0002/
https://support.apple.com/kb/HT214116
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214123
https://support.apple.com/kb/HT214124

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

History

21 Nov 2024, 08:43

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/16 - () http://seclists.org/fulldisclosure/2024/Jul/17 - () http://seclists.org/fulldisclosure/2024/Jul/18 - () http://seclists.org/fulldisclosure/2024/Jul/19 - () http://seclists.org/fulldisclosure/2024/Jul/20 - () http://seclists.org/fulldisclosure/2024/Jul/21 - () http://seclists.org/fulldisclosure/2024/Jul/22 - () http://seclists.org/fulldisclosure/2024/Jul/23 - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/ - () https://security.netapp.com/advisory/ntap-20240119-0002/ - () https://support.apple.com/kb/HT214116 - () https://support.apple.com/kb/HT214117 - () https://support.apple.com/kb/HT214118 - () https://support.apple.com/kb/HT214119 - () https://support.apple.com/kb/HT214120 - () https://support.apple.com/kb/HT214122 - () https://support.apple.com/kb/HT214123 - () https://support.apple.com/kb/HT214124 -
References	~~() https://access.redhat.com/security/cve/CVE-2023-6277 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-6277 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2251311 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2251311 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://gitlab.com/libtiff/libtiff/-/issues/614 - Exploit, Issue Tracking, Patch, Vendor Advisory~~	() https://gitlab.com/libtiff/libtiff/-/issues/614 - Exploit, Issue Tracking, Patch, Vendor Advisory
References	~~() https://gitlab.com/libtiff/libtiff/-/merge_requests/545 - Patch, Vendor Advisory~~	() https://gitlab.com/libtiff/libtiff/-/merge_requests/545 - Patch, Vendor Advisory

17 Sep 2024, 01:15

Type	Values Removed	Values Added
References	~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/16', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/17', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/18', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/19', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/20', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/21', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/22', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'http://seclists.org/fulldisclosure/2024/Jul/23', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://security.netapp.com/advisory/ntap-20240119-0002/', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214116', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214117', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214118', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214119', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214120', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214122', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214123', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://support.apple.com/kb/HT214124', 'source': 'secalert@redhat.com'}~~

30 Jul 2024, 02:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/18 - () http://seclists.org/fulldisclosure/2024/Jul/19 -

30 Jul 2024, 01:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/16 - () http://seclists.org/fulldisclosure/2024/Jul/17 - () http://seclists.org/fulldisclosure/2024/Jul/20 - () http://seclists.org/fulldisclosure/2024/Jul/21 - () http://seclists.org/fulldisclosure/2024/Jul/22 - () http://seclists.org/fulldisclosure/2024/Jul/23 -

29 Jul 2024, 22:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214116 - () https://support.apple.com/kb/HT214117 - () https://support.apple.com/kb/HT214118 - () https://support.apple.com/kb/HT214119 - () https://support.apple.com/kb/HT214120 - () https://support.apple.com/kb/HT214122 - () https://support.apple.com/kb/HT214123 - () https://support.apple.com/kb/HT214124 -

19 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240119-0002/ -

14 Jan 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/ -

30 Nov 2023, 20:05

Type	Values Removed	Values Added
First Time		Fedoraproject fedora Fedoraproject Redhat Libtiff Libtiff libtiff Redhat enterprise Linux
References	~~() https://access.redhat.com/security/cve/CVE-2023-6277 -~~	() https://access.redhat.com/security/cve/CVE-2023-6277 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2251311 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2251311 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://gitlab.com/libtiff/libtiff/-/merge_requests/545 -~~	() https://gitlab.com/libtiff/libtiff/-/merge_requests/545 - Patch, Vendor Advisory
References	~~() https://gitlab.com/libtiff/libtiff/-/issues/614 -~~	() https://gitlab.com/libtiff/libtiff/-/issues/614 - Exploit, Issue Tracking, Patch, Vendor Advisory
CPE		cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:libtiff:libtiff:-:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-400

24 Nov 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-24 19:15

Updated : 2024-11-21 08:43

NVD link : CVE-2023-6277

Mitre link : CVE-2023-6277

CVE.ORG link : CVE-2023-6277

JSON object : View

Products Affected

fedoraproject

fedora

libtiff

libtiff

redhat

enterprise_linux

CWE

CWE-400

Uncontrolled Resource Consumption

6.5 /10