4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.019 Low
EPSS
Percentile
88.6%
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes
incorrect calls to the TIFFGetField function, which allows remote attackers
to cause a denial of service (application crash) via a crafted TIFF image,
related to “downsampled OJPEG input” and possibly related to a compiler
optimization that triggers a divide-by-zero error.