Описание
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
A vulnerability was found in LibTIFF due to a NULL pointer dereference in the TIFFWriteDirectorySec function within tif_dirwrite.c, where an attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash and resulting in a denial of service condition.
Отчет
This vulnerability was rated as LOW severity because it requires the victim to open a specially crafted file. While it does not allow full system compromise, it can cause the application to crash temporarily.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Will not fix | ||
| Red Hat Enterprise Linux 6 | libtiff | Will not fix | ||
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Will not fix | ||
| Red Hat Enterprise Linux 7 | libtiff | Will not fix | ||
| Red Hat Enterprise Linux 8 | libtiff | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-libtiff | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
Уязвимость функции TIFFWriteDirectorySec программного обеспечения для просмотра, редактирования и конвертирования TIFF-файлов, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
3.3 Low
CVSS3