Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-6277

Date: November 24, 2023

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Language: C

Severity Score

Related Resources (25)

https://support.apple.com/kb/HT214116
https://access.redhat.com/security/cve/CVE-2023-6277
https://support.apple.com/kb/HT214117
http://seclists.org/fulldisclosure/2024/Jul/16
https://support.apple.com/kb/HT214118
http://seclists.org/fulldisclosure/2024/Jul/17
https://support.apple.com/kb/HT214122
http://seclists.org/fulldisclosure/2024/Jul/18
https://support.apple.com/kb/HT214123
http://seclists.org/fulldisclosure/2024/Jul/19
https://security.netapp.com/advisory/ntap-20240119-0002/
https://support.apple.com/kb/HT214124
https://gitlab.com/libtiff/libtiff/-/issues/614
https://bugzilla.redhat.com/show_bug.cgi?id=2251311
https://support.apple.com/kb/HT214119
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/
https://support.apple.com/kb/HT214120
https://nvd.nist.gov/vuln/detail/CVE-2023-6277
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://gitlab.com/libtiff/libtiff/-/merge_requests/545
https://www.mend.io/vulnerability-database/CVE-2023-6277

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us