7.8

CVE-2020-35524

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version < 4.2.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version33
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
https://security.gentoo.org/glsa/202104-06
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210521-0009/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2021/dsa-4869
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1932044
Patch
Third Party Advisory
Issue Tracking
https://gitlab.com/libtiff/libtiff/-/merge_requests/159
Patch
Third Party Advisory
https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
Patch
Third Party Advisory