CVE-2023-6277

Published: 24/11/2023 Updated: 19/01/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote malicious user to cause a denial of service via a crafted input with a size smaller than 379 KB.

Vulnerable Product

libtiff libtiff -

fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1056751: tiff: CVE-2023-6277. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Nov 2023 21:33:02 UTC; Severity: important; Tags: security, upstream; Found in version tiff/451+git230720-1 ...
An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB (CVE-2023-6277) ...

Github Repositories

PromptFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts.

Prompt Fuzzing for Fuzz Driver Generation: The fuzz loop of PromptFuzz aims to guide the mutation of LLMs' prompts to generate programs that cover more reachable code and explore complex API interrelationships, which are effective