6.5

CVE-2019-7663

Exploit
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version4.0.10
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
OpensuseLeap Version15.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.37% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://security.gentoo.org/glsa/202003-25
https://usn.ubuntu.com/3906-1/
Third Party Advisory
https://usn.ubuntu.com/3906-2/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4670
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html
Third Party Advisory
Mailing List
http://bugzilla.maptools.org/show_bug.cgi?id=2833
Patch
Third Party Advisory
Exploit
Issue Tracking
https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
Patch
Third Party Advisory