Описание
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.5.0 (включая)
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00008
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 5.5
ubuntu
почти 3 года назад
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVSS3: 5.5
redhat
почти 3 года назад
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVSS3: 5.5
msrc
почти 3 года назад
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g. "WRITE of size 307203") via a crafted TIFF image.
CVSS3: 5.5
debian
почти 3 года назад
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has ...
EPSS
Процентиль: 1%
0.00008
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-787