CVE-2023-26966

Опубликовано: 29 июн. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

Ссылки

https://gitlab.com/libtiff/libtiff/-/issues/530
Exploit
Issue Tracking
Patch
https://gitlab.com/libtiff/libtiff/-/merge_requests/473
Patch
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
https://gitlab.com/libtiff/libtiff/-/issues/530
Exploit
Issue Tracking
Patch
https://gitlab.com/libtiff/libtiff/-/merge_requests/473
Patch
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libtiff:libtiff:4.5.0:-:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00026

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-120

Связанные уязвимости

CVE-2023-26966

CVSS3: 5.5

ubuntu

больше 2 лет назад

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVE-2023-26966

CVSS3: 5.5

redhat

больше 2 лет назад

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVE-2023-26966

CVSS3: 5.5

msrc

больше 2 лет назад

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVE-2023-26966

CVSS3: 5.5

debian

больше 2 лет назад

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when lib ...

GHSA-wg7m-6ff7-7pcj

CVSS3: 9.8

github

больше 2 лет назад

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

EPSS

Процентиль: 6%

0.00026

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-120