CVE-2023-3576: 
NixOS vulnerability analysis and mitigation

CVE-2023-3576 is a memory leak vulnerability discovered in Libtiff's tiffcrop utility. The vulnerability affects versions up to (excluding) 4.5.1 of the libtiff library. When tiffcrop operates on a TIFF image file, an attacker can exploit this vulnerability by passing a crafted TIFF image file to the tiffcrop utility (NVD, Debian LTS).

The vulnerability is classified as a memory leak issue (CWE-401) in the tiffcrop.c file. The CVSS v3.1 base score is 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue specifically occurs during the processing of TIFF image files by the tiffcrop utility (Red Hat Bugzilla).

When exploited, this vulnerability can result in a memory leak that leads to application crashes and ultimately causes a denial of service condition. The impact is primarily on the availability of the system running the affected tiffcrop utility (Red Hat Bugzilla, Debian LTS).

The vulnerability has been fixed in libtiff version 4.5.1. Users are recommended to upgrade their libtiff packages to the latest version. For specific distributions, security updates have been released: Red Hat Enterprise Linux 9 via RHSA-2023:6575 and Debian 10 Buster via version 4.1.0+git191117-2~deb10u9 (Red Hat Advisory, Debian LTS).