Redhat.comRH:CVE-2023-6277

HistoryNov 24, 2023 - 8:51 a.m.

CVE-2023-6277

2023-11-2408:51:34

redhat.com

access.redhat.com

cve-2023-6277

denial of service

remote attacker

libtiff

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.5%

JSON

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

References

bugzilla.redhat.com/show_bug.cgi?id=2251311

gitlab.com/libtiff/libtiff/-/issues/614

gitlab.com/libtiff/libtiff/-/merge_requests/545

nvd.nist.gov/vuln/detail/CVE-2023-6277

www.cve.org/CVERecord?id=CVE-2023-6277