Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-52355

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months ago

Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

References

RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
RHSA-2025:20801 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
RHSA-2025:20801 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
RHSA-2025:20801 x_refsource_REDHAT vendor-advisory
RHSA-2025:21994 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHSA-2025:20801 x_refsource_REDHAT vendor-advisory
RHSA-2025:21994 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
RHSA-2025:23078 x_refsource_REDHAT vendor-advisory
RHSA-2025:23079 x_refsource_REDHAT vendor-advisory
RHSA-2025:23080 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
RHSA-2025:20801 x_refsource_REDHAT vendor-advisory
RHSA-2025:21994 x_refsource_REDHAT vendor-advisory
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2025:20801 x_refsource_REDHAT vendor-advisory
RHSA-2025:21994 x_refsource_REDHAT vendor-advisory
RHSA-2025:23078 x_refsource_REDHAT vendor-advisory
RHSA-2025:23079 x_refsource_REDHAT vendor-advisory
RHSA-2025:23080 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry
RHBZ#2251326 issue-tracking x_refsource_REDHAT
https://gitlab.com/libtiff/libtiff/-/issues/621
https://gitlab.com/libtiff/libtiff/-/issues/621 x_transferred
https://access.redhat.com/security/cve/CVE-2023-52355 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2251326 issue-tracking x_refsource_REDHAT x_transferred

Affected products

tkimg

libtiff

*
<4.6.0

mingw-libtiff

compat-libtiff3

rhaiis/vllm-cuda-rhel9

rhaiis/vllm-rocm-rhel9

rhaiis/model-opt-cuda-rhel9

discovery/discovery-ui-rhel9

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable 4.7.1
- nixpkgs-unstable 4.7.1
- nixos-unstable-small 4.7.1

Package maintainers

@l0b0 Victor Engmark <victor@engmark.name>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@willcohen Will Cohen
@autra Augustin Trancart <augustin.trancart@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers