Lucene search
AmazonALAS-2023-2346HistoryNov 29, 2023 - 10:19 p.m.
Important: compat-libtiff3
2023-11-2922:19:00
alas.aws.amazon.com
8
libtiff
out-of-memory
compat-libtiff3
update
denial of service
cve-2023-6277
amazon linux 2
Issue Overview:
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. (CVE-2023-6277)
Affected Packages:
compat-libtiff3
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update compat-libtiff3 to update your system.
New Packages:
aarch64:
compat-libtiff3-3.9.4-12.amzn2.0.4.aarch64
compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.4.aarch64
i686:
compat-libtiff3-3.9.4-12.amzn2.0.4.i686
compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.4.i686
src:
compat-libtiff3-3.9.4-12.amzn2.0.4.src
x86_64:
compat-libtiff3-3.9.4-12.amzn2.0.4.x86_64
compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2023-6277
Mitre: CVE-2023-6277
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | compat-libtiff3 | < 3.9.4-12.amzn2.0.4 | compat-libtiff3-3.9.4-12.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | compat-libtiff3-debuginfo | < 3.9.4-12.amzn2.0.4 | compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | i686 | compat-libtiff3 | < 3.9.4-12.amzn2.0.4 | compat-libtiff3-3.9.4-12.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | compat-libtiff3-debuginfo | < 3.9.4-12.amzn2.0.4 | compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | x86_64 | compat-libtiff3 | < 3.9.4-12.amzn2.0.4 | compat-libtiff3-3.9.4-12.amzn2.0.4.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | compat-libtiff3-debuginfo | < 3.9.4-12.amzn2.0.4 | compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.4.x86_64.rpm |
Related
nessus
nessus
Fedora 39 : tkimg (2024-e812bddc51)
2024-01-13 00:00:00
Amazon Linux AMI : libtiff (ALAS-2024-1913)
2024-02-06 00:00:00
Fedora 38 : tkimg (2024-43b9d9bff9)
2024-01-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-11-27 06:51:44
fedora
fedora
[SECURITY] Fedora 38 Update: tkimg-1.4.16-1.fc38
2024-01-14 00:47:34
[SECURITY] Fedora 39 Update: tkimg-1.4.16-1.fc39
2024-01-14 01:00:15
ubuntucve
ubuntucve
CVE-2023-6277
2023-11-24 00:00:00
openvas
openvas
Fedora: Security Advisory for tkimg (FEDORA-2024-43b9d9bff9)
2024-01-18 00:00:00
Fedora: Security Advisory for tkimg (FEDORA-2024-e812bddc51)
2024-01-18 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2024-1471)
2024-03-21 00:00:00
debiancve
debiancve
CVE-2023-6277
2023-11-24 18:20:16
cve
cve
CVE-2023-6277
2023-11-24 18:20:16
prion
prion
Memory corruption
2023-11-24 19:15:00
amazon
amazon
Important: libtiff
2023-11-29 22:19:00
Important: libtiff
2024-02-01 19:33:00
cvelist
cvelist
CVE-2023-6277 Libtiff: out-of-memory in tiffopen via a craft file
2023-11-24 18:20:16
redos
redos
ROS-20240328-14
2024-03-28 00:00:00
wolfi
wolfi
CVE-2023-6277 vulnerabilities
2024-05-29 03:07:31
redhatcve
redhatcve
CVE-2023-6277
2023-11-24 08:51:34
cgr
cgr
CVE-2023-6277 vulnerabilities
2024-05-19 03:07:16
ubuntu
ubuntu
LibTIFF vulnerabilities
2024-02-19 00:00:00
LibTIFF vulnerabilities
2024-02-27 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0708
2024-01-05 00:00:00
osv
osv
tiff vulnerabilities
2024-02-27 18:31:07
tiff vulnerabilities
2024-02-19 20:07:28
cloudfoundry
cloudfoundry
USN-6644-2: LibTIFF vulnerabilities | Cloud Foundry
2024-04-04 00:00:00