CVSS2: 10 High
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.129 Low (Percentile: 95.4%)

In an iDEFENSE Security Advisory infamous41md reports:

Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.

The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. A TIFF file includes a number of directory entry header fields that describe the data in the file. Included in these entries is an entry count and offset value that are calculated to determine the size and location of the data for that entry.
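
The kind of validation the advisory describes as missing, shown as an added C example (not code from the advisory or from LibTIFF). It assumes the classic 12-byte TIFF directory entry layout and that the unsafe step is multiplying the entry count by the element width; `dir_entry` and `entry_data_size` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Byte width of each classic TIFF 6.0 field type (index = type code 1..12);
   index 0 is unused because 0 is not a valid type code. */
static const uint32_t tiff_type_width[13] = {
    0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8
};

/* One directory entry as read from the file (already byte-swapped).
   Hypothetical struct for this example. */
struct dir_entry {
    uint16_t tag;
    uint16_t type;
    uint32_t count;   /* number of values, taken from the file */
    uint32_t offset;  /* file offset of the data, taken from the file */
};

/* Returns 0 and stores the payload size in *out_size only if the entry's
   data lies entirely inside a file of file_size bytes; returns -1 otherwise. */
int entry_data_size(const struct dir_entry *e, uint64_t file_size,
                    size_t *out_size)
{
    if (e->type == 0 || e->type > 12)
        return -1;                      /* unknown type: width undefined */
    uint32_t width = tiff_type_width[e->type];

    /* Reject a count whose product with width would wrap a 32-bit size. */
    if (e->count > UINT32_MAX / width)
        return -1;
    uint32_t size = e->count * width;

    /* Values of 4 bytes or fewer are stored inline in the offset field. */
    if (size <= 4) {
        *out_size = size;
        return 0;
    }
    /* Otherwise the range [offset, offset + size) must stay in the file. */
    if (e->offset > file_size || size > file_size - e->offset)
        return -1;
    *out_size = size;
    return 0;
}
```

A caller would allocate and read `*out_size` bytes only after this returns 0, so the allocation size and the copy length come from the same checked value.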

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | tiff | < 3.7.1 | UNKNOWN |
FreeBSD | any | noarch | linux-tiff | < 3.6.1_1 | UNKNOWN |
FreeBSD | any | noarch | pdflib | < 6.0.1_1 | UNKNOWN |
FreeBSD | any | noarch | pdflib-perl | < 6.0.1_1 | UNKNOWN |
FreeBSD | any | noarch | gdal | < 1.2.1_2 | UNKNOWN |
FreeBSD | any | noarch | ivtools | < 1.2.3 | UNKNOWN |
FreeBSD | any | noarch | paraview | < 2.4.3 | UNKNOWN |
FreeBSD | any | noarch | fractorama | < 1.6.7_1 | UNKNOWN |