CVE-2019-6128

Published: 04 Jan 2019
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

Report

This vulnerability is rated as moderate because a memory leak in LibTIFF's TIFFFdOpen function within tif_unix.c could lead to a denial of service. Exploitation requires user interaction, as an attacker must persuade a victim to open a specially crafted file. While this does not lead to code execution, repeated exploitation could impact application availability.

Mitigation

This bug could be mitigated by configuring process memory limits using cgroups.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 6 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 7 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 8 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 8 | mingw-libtiff | Will not fix | | |


Additional information

Status: Moderate
Weakness: CWE-244
Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1667122 (libtiff: memory leak in TIFFFdOpen function in tif_unix.c when using pal2rgb)

EPSS: 0.02119 (Low), percentile: 84%

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 7 years ago

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

CVSS3: 8.8
nvd
about 7 years ago

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

CVSS3: 8.8
debian
about 7 years ago

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...

CVSS3: 8.8
github
more than 3 years ago

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

suse-cvrf
almost 7 years ago

Security update for tiff
