Описание
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
4 Medium
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).
In LibTIFF 4.0.6 and possibly other versions, the program processes BM ...
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
Уязвимость компонента bmp2tiff библиотеки LibTIFF, позволяющая нарушителю получить доступ на чтение данных за границами буфера, выделенного в динамической памяти
EPSS
9.8 Critical
CVSS3
4 Medium
CVSS3
7.5 High
CVSS2