It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-439 advisory. An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. (CVE-2023-6277) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-439)
