Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-3576

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months, 1 week ago

Memory leak in tiffcrop.c

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

References

RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry
RHBZ#2219340 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html x_transferred
RHSA-2023:6575 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-3576 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2219340 issue-tracking x_refsource_REDHAT x_transferred

Affected products

libtiff

==4.5.1
*

mingw-libtiff

compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable -
- nixpkgs-unstable 4.7.0

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers