Описание
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Отчет
Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Will not fix | ||
| Red Hat Enterprise Linux 6 | libtiff | Fixed | RHSA-2016:1547 | 02.08.2016 |
| Red Hat Enterprise Linux 7 | libtiff | Fixed | RHSA-2016:1546 | 02.08.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
2.1 Low
CVSS2
Связанные уязвимости
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ...
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
EPSS
3.3 Low
CVSS3
2.1 Low
CVSS2