Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-6277

created 2 weeks, 6 days ago

Libtiff: out-of-memory in tiffopen via a craft file

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Affected products

tkimg

libtiff

mingw-libtiff

compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable 4.7.1
- nixpkgs-unstable 4.7.1
- nixos-unstable-small 4.7.1
nixos-25.05 4.7.0
- nixos-25.05-small 4.7.0
- nixpkgs-25.05-darwin 4.7.0

Package maintainers

@l0b0 Victor Engmark <victor@engmark.name>
@willcohen Will Cohen
@autra Augustin Trancart <augustin.trancart@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers