CVE-2023-26965

Опубликовано: 14 июн. 2023

Источник: debian

EPSS Низкий

Описание

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

Пакет	Статус	Версия исправления	Релиз	Тип
tiff	fixed	4.5.1~rc3-1		package
tiff	fixed	4.5.0-6+deb12u2	bookworm	package

https://gitlab.com/libtiff/libtiff/-/merge_requests/472
https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf (v4.5.1rc1)

EPSS

Процентиль: 0%

0.00008

Низкий

CVE-2023-26965

CVSS3: 5.5

ubuntu

около 2 лет назад

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

CVE-2023-26965

CVSS3: 5.5

redhat

около 2 лет назад

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

CVE-2023-26965

CVSS3: 5.5

nvd

около 2 лет назад

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

CVE-2023-26965

CVSS3: 5.5

msrc

около 2 лет назад

Описание отсутствует

GHSA-w5rm-7jx3-m7m4

CVSS3: 8.8

github

около 2 лет назад

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

EPSS

Процентиль: 0%

0.00008

Низкий