Vulnerability Details: CVE-2023-6277
Potential exploit
An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
Vulnerability category: Denial of service
Products affected by CVE-2023-6277
- cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6277
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~47% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-6277
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | 
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | Red Hat, Inc. | 
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | Red Hat, Inc. | 2024-01-02
CWE ids for CVE-2023-6277
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
  Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2023-6277
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/ : [SECURITY] Fedora 39 Update: tkimg-1.4.16-1.fc39 - package-announce - Fedora Mailing-Lists
- https://gitlab.com/libtiff/libtiff/-/merge_requests/545 : Prevent some out-of-memory attacks (!545) · Merge requests · libtiff / libtiff · GitLab [Patch; Vendor Advisory]
- http://seclists.org/fulldisclosure/2024/Jul/22 : Full Disclosure: APPLE-SA-07-29-2024-8 tvOS 17.6
- http://seclists.org/fulldisclosure/2024/Jul/16 : Full Disclosure: APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6
- https://support.apple.com/kb/HT214124 : About the security content of watchOS 10.6 - Apple Support
- http://seclists.org/fulldisclosure/2024/Jul/23 : Full Disclosure: APPLE-SA-07-29-2024-9 visionOS 1.3
- http://seclists.org/fulldisclosure/2024/Jul/20 : Full Disclosure: APPLE-SA-07-29-2024-6 macOS Monterey 12.7.6
- https://gitlab.com/libtiff/libtiff/-/issues/614 : Out-of-memory happened in TIFFOpen via a craft file (#614) · Issues · libtiff / libtiff · GitLab [Exploit; Issue Tracking; Patch; Vendor Advisory]
- https://support.apple.com/kb/HT214116 : About the security content of iOS 16.7.9 and iPadOS 16.7.9 - Apple Support
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/ : [SECURITY] Fedora 38 Update: tkimg-1.4.16-1.fc38 - package-announce - Fedora Mailing-Lists
- https://access.redhat.com/security/cve/CVE-2023-6277 : CVE-2023-6277 - Red Hat Customer Portal [Third Party Advisory]
- https://support.apple.com/kb/HT214117 : About the security content of iOS 17.6 and iPadOS 17.6 - Apple Support
- https://bugzilla.redhat.com/show_bug.cgi?id=2251311 : 2251311 – (CVE-2023-6277) CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file [Issue Tracking; Patch; Third Party Advisory]
- http://seclists.org/fulldisclosure/2024/Jul/21 : Full Disclosure: APPLE-SA-07-29-2024-7 watchOS 10.6
- https://security.netapp.com/advisory/ntap-20240119-0002/ : CVE-2023-6277 LibTIFF Vulnerability in NetApp Products | NetApp Product Security
- https://support.apple.com/kb/HT214122 : About the security content of tvOS 17.6 - Apple Support
- http://seclists.org/fulldisclosure/2024/Jul/19 : Full Disclosure: APPLE-SA-07-29-2024-5 macOS Ventura 13.6.8
- https://support.apple.com/kb/HT214120 : About the security content of macOS Ventura 13.6.8 - Apple Support
- https://support.apple.com/kb/HT214119 : About the security content of macOS Sonoma 14.6 - Apple Support
- https://support.apple.com/kb/HT214123 : About the security content of visionOS 1.3 - Apple Support
- http://seclists.org/fulldisclosure/2024/Jul/18 : Full Disclosure: APPLE-SA-07-29-2024-4 macOS Sonoma 14.6
- http://seclists.org/fulldisclosure/2024/Jul/17 : Full Disclosure: APPLE-SA-07-29-2024-3 iOS 16.7.9 and iPadOS 16.7.9
- https://support.apple.com/kb/HT214118 : About the security content of macOS Monterey 12.7.6 - Apple Support