libtiff.so is vulnerable to Denial of Service. The vulnerability is caused by the TIFFReadDirEntryArrayWithLimit
and EstimateStripByteCounts
functions in tif_dirread.c
failing to verify if the requested memory size was greater than the actual file size due to allocating memory based on the size of data specified in the TIFF file metadata. An attacker can craft TIFF file to the TIFFOpen()
API which allows a remote attacker to cause a Denial of Service via a crafted input with a size smaller than 379 KB.
CPE | Name | Operator | Version |
---|---|---|---|
libtiff.so | le | 6.0.2 | |
libtiff.so | le | 6.0.2 |
access.redhat.com/security/cve/CVE-2023-6277
bugzilla.redhat.com/show_bug.cgi?id=2251311
gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
gitlab.com/libtiff/libtiff/-/issues/614
gitlab.com/libtiff/libtiff/-/merge_requests/545
lists.fedoraproject.org/archives/list/[email protected]/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/
lists.fedoraproject.org/archives/list/[email protected]/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/
security.netapp.com/advisory/ntap-20240119-0002/