CVE-2023-26733

Опубликовано: 04 апр. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.

Ссылки

https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/README.md
Exploit
Third Party Advisory
https://github.com/jkriege2/TinyTIFF/issues/19
Exploit
Issue Tracking
Vendor Advisory
https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/README.md
Exploit
Third Party Advisory
https://github.com/jkriege2/TinyTIFF/issues/19
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tinytiff_project:tinytiff:3.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00108

Низкий

7.8 High

CVSS3

Дефекты

CWE-120

Связанные уязвимости

GHSA-x6cc-r4w4-6rjq