An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00418.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Libtiff
  • Libtiff
Redhat
  • Enterprise Linux

Configuration 1 [-]

AND
cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-58521 An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
Ubuntu USN Ubuntu USN USN-6644-1 LibTIFF vulnerabilities
Ubuntu USN Ubuntu USN USN-6644-2 LibTIFF vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://seclists.org/fulldisclosure/2024/Jul/16 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/17 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/18 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/19 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/20 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/21 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/22 cve-icon
http://seclists.org/fulldisclosure/2024/Jul/23 cve-icon
https://access.redhat.com/security/cve/CVE-2023-6277 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2251311 cve-icon cve-icon
https://gitlab.com/libtiff/libtiff/-/issues/614 cve-icon cve-icon cve-icon
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 cve-icon cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/ cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-6277 cve-icon
https://security.netapp.com/advisory/ntap-20240119-0002/ cve-icon
https://support.apple.com/kb/HT214116 cve-icon
https://support.apple.com/kb/HT214117 cve-icon
https://support.apple.com/kb/HT214118 cve-icon
https://support.apple.com/kb/HT214119 cve-icon
https://support.apple.com/kb/HT214120 cve-icon
https://support.apple.com/kb/HT214122 cve-icon
https://support.apple.com/kb/HT214123 cve-icon
https://support.apple.com/kb/HT214124 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-6277 cve-icon
History

Fri, 17 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 17 Sep 2024 01:45:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-10-17T17:20:44.575Z

Reserved: 2023-11-24T08:27:14.831Z

Link: CVE-2023-6277

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:21.720Z

cve-icon NVD

Status : Modified

Published: 2023-11-24T19:15:07.643

Modified: 2024-11-21T08:43:31.253

Link: CVE-2023-6277

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-02T00:00:00Z

Links: CVE-2023-6277 - Bugzilla

cve-icon OpenCVE Enrichment

No data.