History: Jun 03, 2024 - 8:46 a.m.

Advisory ROSA-SA-2024-2429

2024-06-03 08:46:38
ROSA LAB
abf.rosalinux.ru
Tags: libtiff 4.0.9, rosa virtualization 2.1, null pointer dereferencing, local attacker, program crash, denial of service, tiff file, unix

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 5.9 Medium
Confidence: Low

EPSS: 0.001 Low
Percentile: 32.2%

Software: libtiff 4.0.9
OS: ROSA Virtualization 2.1

package_evr_string: libtiff-4.0.9-28.rv3

CVE-ID: CVE-2023-2731
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A null pointer dereferencing bug was found in the LZWDecode() function of the Libtiff library in the libtiff/tif_lzw.c file. This flaw allows a local attacker to create certain inputs that could cause a program to dereference a NULL pointer when decompressing a TIFF file, resulting in a program crash or denial of service.
CVE-STATUS: Not Relevant
CVE-REV:

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        libtiff  < 4.0.9  UNKNOWN
