The version of libtiff installed on the remote host is prior to 4.0.3-35.50. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1913 advisory. An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. (CVE-2023-6277) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
Amazon Linux AMI : libtiff (ALAS-2024-1913)
