Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-40745

created 4 months, 3 weeks ago

Libtiff: integer overflow in tiffcp.c

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Affected products

libtiff

<4.6.0
==4.6.0
*

mingw-libtiff

compact-libtiff

compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable -
- nixpkgs-unstable 4.7.0

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers