Описание
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
A flaw was found in libtiff. The setrow function in file tools/thumbnail.c contains a buffer overflow vulnerability triggered by manipulation of image data, which can allow a local attacker to cause a denial of service. This overflow occurs when processing a crafted file. The vulnerability stems from insufficient bounds checking during row data assignment.
Отчет
This vulnerability has been rated Important because it involves a buffer overflow in the setrow function of LibTIFF’s thumbnail tool, which could allow a local attacker to execute arbitrary code or cause a denial of service. While the attack requires local access, successful exploitation could result in loss of confidentiality, integrity, and availability of the affected system.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libtiff | Not affected | ||
| Red Hat Enterprise Linux 6 | libtiff | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Not affected | ||
| Red Hat Enterprise Linux 8 | compat-libtiff3 | Not affected | ||
| Red Hat Enterprise Linux 8 | libtiff | Not affected | ||
| Red Hat Enterprise Linux 8 | mingw-libtiff | Not affected | ||
| Red Hat Enterprise Linux 9 | libtiff | Not affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libtiff | Fixed | RHSA-2025:21407 | 17.11.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as ...
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
EPSS
7.8 High
CVSS3