ALT-PU-2021-1345-1
Closed vulnerabilities
BDU:2021-01525
Уязвимость модуля конвертации изображения TIFF в RGBA tiff2rgba библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01526
Уязвимость файла tif_getimage.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код
BDU:2021-01527
Уязвимость модуля конвертации изображения TIFF в PDF TIFF2PDF библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01529
Уязвимость файла tif_read.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-35521
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Modified: 2024-11-21
CVE-2020-35522
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Modified: 2024-11-21
CVE-2020-35523
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1932040
- https://bugzilla.redhat.com/show_bug.cgi?id=1932040
- https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
- https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
- https://gitlab.com/libtiff/libtiff/-/merge_requests/160
- https://gitlab.com/libtiff/libtiff/-/merge_requests/160
- [debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update
- [debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update
- FEDORA-2021-1bf4f2f13a
- FEDORA-2021-1bf4f2f13a
- GLSA-202104-06
- GLSA-202104-06
- https://security.netapp.com/advisory/ntap-20210521-0009/
- https://security.netapp.com/advisory/ntap-20210521-0009/
- DSA-4869
- DSA-4869
Modified: 2024-11-21
CVE-2020-35524
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1932044
- https://bugzilla.redhat.com/show_bug.cgi?id=1932044
- https://gitlab.com/libtiff/libtiff/-/merge_requests/159
- https://gitlab.com/libtiff/libtiff/-/merge_requests/159
- https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
- https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
- [debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update
- [debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update
- FEDORA-2021-1bf4f2f13a
- FEDORA-2021-1bf4f2f13a
- GLSA-202104-06
- GLSA-202104-06
- https://security.netapp.com/advisory/ntap-20210521-0009/
- https://security.netapp.com/advisory/ntap-20210521-0009/
- DSA-4869
- DSA-4869