Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-09847

Опубликовано: 17 июл. 2025
Источник: fstec
CVSS3: 2.5
CVSS2: 1
EPSS Низкий

Описание

Уязвимость функции PS_Lvl2page() библиотеки LibTIFF связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Вендор

АО «ИВК»
Silicon Graphics Corp.

Наименование ПО

Альт 8 СП
АЛЬТ СП 10
LibTIFF

Версия ПО

- (Альт 8 СП)
- (АЛЬТ СП 10)
4.6.0 (LibTIFF)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

АО «ИВК» Альт 8 СП -
АО «ИВК» АЛЬТ СП 10 -

Уровень опасности уязвимости

Низкий уровень опасности (базовая оценка CVSS 2.0 составляет 1)
Низкий уровень опасности (базовая оценка CVSS 3.1 составляет 2,5)
Низкий уровень опасности (оценка CVSS 4.0 составляет 1,1)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b
https://gitlab.com/libtiff/libtiff/-/issues/718
https://gitlab.com/libtiff/libtiff/-/merge_requests/746
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства:https://altsp.su/obnovleniya-bezopasnosti/
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства:https://altsp.su/obnovleniya-bezopasnosti/

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует в открытом доступе

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 8%
0.0003
Низкий

2.5 Low

CVSS3

1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2025-8534

CVSS3: 2.5
ubuntu
2 месяца назад

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

redhat логотип

CVE-2025-8534

CVSS3: 2.5
redhat
2 месяца назад

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

nvd логотип

CVE-2025-8534

CVSS3: 2.5
nvd
2 месяца назад

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

debian логотип

CVE-2025-8534

CVSS3: 2.5
debian
2 месяца назад

A vulnerability classified as problematic was found in libtiff 4.6.0. ...

github логотип

GHSA-xgh3-993q-r2x8

CVSS3: 2.5
github
2 месяца назад

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

EPSS

Процентиль: 8%
0.0003
Низкий

2.5 Low

CVSS3

1 Low

CVSS2