Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-40745

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months, 1 week ago

Libtiff: integer overflow in tiffcp.c

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

References

RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231110-0005/
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry
RHBZ#2235265 issue-tracking x_refsource_REDHAT
RHSA-2024:2289 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-40745 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2235265 issue-tracking x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20231110-0005/ x_transferred

Affected products

libtiff

==4.6.0
*
<4.6.0

mingw-libtiff

compact-libtiff

compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable -
- nixpkgs-unstable 4.7.0

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers