SB2024010834 - Denial of service in libtiff
Published: January 8, 2024
Security Bulletin ID
SB2024010834
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2023-6277)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the TIFFOpen() API. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2251311
- https://gitlab.com/libtiff/libtiff/-/issues/614
- https://gitlab.com/libtiff/libtiff/-/merge_requests/545
- https://gitlab.com/libtiff/libtiff/-/commit/d6bbe53a96b031ab8b53d20241825ddf9e8bf8f1
- https://gitlab.com/libtiff/libtiff/-/commit/264a28eff71cf0038ba7b235238512fa594fa42f
- https://gitlab.com/libtiff/libtiff/-/commit/abb4476fd2be87fc8ded3078e019f22f84ee0e8c