Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-3576

created 4 months, 3 weeks ago

Memory leak in tiffcrop.c

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

Affected products

libtiff

==4.5.1
*

mingw-libtiff

compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable -
- nixpkgs-unstable 4.7.0

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers