Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-52356

created 1 day, 7 hours ago

Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Affected products

tkimg

libtiff

<4.6.0
*

mingw-libtiff

compat-libtiff3

rhaiis/vllm-cuda-rhel9

rhaiis/vllm-rocm-rhel9

rhaiis/model-opt-cuda-rhel9

discovery/discovery-ui-rhel9

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable 4.7.1
- nixpkgs-unstable 4.7.1
- nixos-unstable-small 4.7.1
nixos-25.11 4.7.1
- nixos-25.11-small 4.7.1
- nixpkgs-25.11-darwin 4.7.1

Package maintainers

@l0b0 Victor Engmark <victor@engmark.name>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@willcohen Will Cohen
@autra Augustin Trancart <augustin.trancart@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers