Untriaged
CVE-2023-6228
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
An issue was found in the tiffcp utility distributed by the libtiff package, where processing a crafted TIFF file may cause a heap-based buffer overflow, leading to an application crash.
References
- https://access.redhat.com/security/cve/CVE-2023-6228 x_refsource_REDHAT vdb-entry
- RHBZ#2240995 issue-tracking x_refsource_REDHAT
- RHSA-2024:2289 vendor-advisory x_refsource_REDHAT
- RHSA-2024:5079 vendor-advisory x_refsource_REDHAT
Affected products
tkimg
libtiff
- *
mingw-libtiff
compat-libtiff3
Matching in nixpkgs
pkgs.libtiff
Library and utilities for working with the TIFF image file format
- nixos-unstable: -
- nixpkgs-unstable: 4.7.0
pkgs.tclPackages.tkimg
Img package adds several image formats to Tcl/Tk
- nixos-unstable: -
- nixpkgs-unstable: 623
Package maintainers
- @sikmir Nikolay Korotkiy <sikmir@disroot.org>
- @nh2 Niklas Hambüchen <mail@nh2.me>
- @autra Augustin Trancart <augustin.trancart@gmail.com>
- @willcohen Will Cohen
- @l0b0 Victor Engmark <victor@engmark.name>
- @nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
- @imincik Ivan Mincik <ivan.mincik@gmail.com>
- @MatthewCroughan Matthew Croughan <matt@croughan.sh>