Описание
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
A denial of service flaw via segmentation fault has been found in libtiff. This segmentation fault vulnerability is caused by accessing invalid or corrupted memory addresses during memory deallocation operations. The root issue lies in the cleanup logic of the main function where the program attempts to free memory that has been corrupted or points to an invalid memory region.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libtiff | Fix deferred | ||
| Red Hat Enterprise Linux 6 | libtiff | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libtiff | Out of support scope | ||
| Red Hat Enterprise Linux 8 | compat-libtiff3 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libtiff | Fix deferred | ||
| Red Hat Enterprise Linux 8 | mingw-libtiff | Fix deferred | ||
| Red Hat Enterprise Linux 9 | libtiff | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS3
Связанные уязвимости
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
libtiff up to v4.7.1 was discovered to contain a double free via the c ...
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
EPSS
5 Medium
CVSS3