Описание
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
Отчет
Red Hat has determined that this vulnerability has a low severity due to the fact that a potential crash in an application using the vulnerable tiffcp utility will most likely lead to temporary disruptions in availability; there are no indications that this vulnerability will lead to long-term or persistent downtime resulting from a crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libtiff | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libtiff | Out of support scope | ||
| Red Hat Enterprise Linux 8 | compat-libtiff3 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libtiff | Fixed | RHSA-2024:5079 | 07.08.2024 |
| Red Hat Enterprise Linux 9 | libtiff | Fixed | RHSA-2024:2289 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
An issue was found in the tiffcp utility distributed by the libtiff pa ...
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
EPSS
3.3 Low
CVSS3