Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-6716

created 4 months, 3 weeks ago

Libtiff: out-of-memory issue in tiffreadencodedstrip() may lead to denial of service

A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing libtiff to allocate memory indefinitely. This issue can result in a denial of service of the system consuming libtiff due to memory starvation.

Affected products

libtiff

mingw-libtiff

compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable -
- nixpkgs-unstable 4.7.0

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers