Описание
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Отчет
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat Enterprise Linux 7, as they did not include the bmp2tiff tool.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Not affected | ||
| Red Hat Enterprise Linux 6 | libtiff | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Not affected | ||
| Red Hat Enterprise Linux 7 | libtiff | Not affected |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in ...
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
4.3 Medium
CVSS2