CVSS3: 8.8 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
- Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
- Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

April 9, 2019 Vladimir D. Seleznev 4.0.10.0.57.f9fc01c3-alt1
- Updated to v4.0.10-57-gf9fc01c3 (ALT [#36575](<https://bugzilla.altlinux.org/36575>), [#34677](<https://bugzilla.altlinux.org/34677>)).
- Applied SUSE patches:
  + tiff-4.0.3-seek.patch;
  + tiff-4.0.3-compress-warning.patch;
  + tiff-CVE-2018-12900.patch.
- Built with support of:
  + libjbig;
  + libwebp;
  + libzstd.
- Fixes:
  + CVE-2012-4564 Zero size buffer exploit in ppm2tiff;
  + CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip();
  + CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image();
  + CVE-2013-4243 Heap-based buffer overflow in the readgifimage();
  + CVE-2013-4244 DoS or possible RCE via crafted GIF image;
  + CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tools;
  + CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf;
  + CVE-2014-8130 Divide-by-zero error in _TIFFmalloc();
  + CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif;
  + CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak);
  + CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().