exploitDog

CVE-2018-5360

Published: 12 Jan 2018
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

Report

This vulnerability is rated as low severity because it allows a remote attacker to cause a heap-based buffer over-read; it could lead to information leakage, but it does not compromise system security or integrity.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 6 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 7 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 8 | libtiff | Will not fix | | |

Additional information

Status: Low
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1535494 LibTIFF: heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c

EPSS

Percentile: 63%
0.00456
Low

3.3 Low

CVSS3

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 8 years ago

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

CVSS3: 8.8
nvd
about 8 years ago

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

CVSS3: 8.8
debian
about 8 years ago

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstr ...

CVSS3: 8.8
github
more than 3 years ago

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
