Updated: 2026-02-27 02:19:24.718401
Description:
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libtiff | 4.4.0 | 6.5 | MEDIUM | Ignored | 2025-03-20 03:51:25 | CVE-2023-6277 is a denial‑of‑service–only issue in libtiff that triggers an out‑of‑memory ... | |
| CentOS 7 ELS | libtiff | 4.0.3 | 6.5 | MEDIUM | Ignored | 2024-07-02 11:10:29 | Ignored due to low severity |