CVE-2023-6277

Public on 2023-11-24
Modified on 2024-01-30
Description

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core compat-libtiff3 2023-12-04 ALAS2-2023-2346
Amazon Linux 1 libtiff 2024-02-05 ALAS-2024-1913
Amazon Linux 2 - Core libtiff 2023-12-04 ALAS2-2023-2347
Amazon Linux 2023 libtiff 2023-12-14 ALAS2023-2023-439

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2023-6277 Mitre: CVE-2023-6277