Описание
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Secure baseline configurations provide a strong foundation for maintaining a secure and resilient environment. Rigorous testing and development practices (SAST, DAST, etc.) identify and address memory vulnerabilities before they are promoted to Red Hat production platforms, and the malicious code protection used further mitigates impacts by detecting, blocking, and responding to exploitation attempts. The platform uses OS versions that inherit certain security tools and features from RHEL that are enabled by default, such as SELinux and Address Space Layout Randomization (ASLR). Least functionality and process isolation minimizes the attack surface by disabling unauthorized services and ports and containing any corruption within the originating process, preventing it from affecting other processes or the system as a whole.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libtiff | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libtiff | Out of support scope | ||
| Red Hat Enterprise Linux 8 | compat-libtiff3 | Will not fix | ||
| Red Hat Enterprise Linux 8 | libtiff | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-libtiff | Will not fix | ||
| Red Hat Enterprise Linux 9 | compat-libtiff3 | Affected | ||
| Red Hat Enterprise Linux 9 | libtiff | Fixed | RHSA-2023:6575 | 07.11.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue ...
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
Уязвимость утилиты tiffcrop библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3