Description
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
A heap-based buffer overflow exists in libtiff in TIFFmemcpy. This flaw allows an attacker to craft a specific TIFF file, possibly causing a denial of service that results in a loss of the system’s availability.
Report
Red Hat has determined that this vulnerability is of low impact as successful exploitation relies on convincing a user to manually open a malicious file with tiffcp and bypassing security mechanisms such as ASLR.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libtiff | Out of support scope | | |
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libtiff | Out of support scope | | |
| Red Hat Enterprise Linux 8 | compat-libtiff3 | Will not fix | | |
| Red Hat Enterprise Linux 8 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 9 | libtiff | Not affected | | |
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
Vulnerability in the _TIFFmemcpy function (tif_unix.c) of the LibTIFF library that allows an attacker to cause a denial of service
5.5 Medium
CVSS3