ALT-PU-2021-1345-1

BDU:2021-01525

MEDIUM6.5

Уязвимость модуля конвертации изображения TIFF в RGBA tiff2rgba библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-03-22Modified: 2022-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

CVE-2020-35522

BDU:2021-01526

HIGH8.8

Уязвимость файла tif_getimage.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код

Published: 2021-03-22Modified: 2023-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

References

CVE-2020-35523

BDU:2021-01527

HIGH8.8

Уязвимость модуля конвертации изображения TIFF в PDF TIFF2PDF библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2021-03-22Modified: 2023-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

References

CVE-2020-35524

BDU:2021-01529

HIGH8.8

Уязвимость файла tif_read.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2021-03-22Modified: 2022-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

References

CVE-2020-35521

CVE-2020-35521

MEDIUM5.5

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

Published: 2021-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2020-35522

MEDIUM5.5

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

Published: 2021-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2020-35523

HIGH7.8

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published: 2021-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2020-35524

HIGH7.8

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published: 2021-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Package update libtiff in branch sisyphus

Closed issues (8)

Уязвимость модуля конвертации изображения TIFF в RGBA tiff2rgba библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость файла tif_getimage.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код

Уязвимость модуля конвертации изображения TIFF в PDF TIFF2PDF библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость файла tif_read.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.