4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.049 Low
EPSS
Percentile
92.7%
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to
cause a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a
long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3
are disputed by Red Hat, which states that the input cannot exceed the
allocated buffer size.
Author | Note |
---|---|
jdstrand | tiff3 does not build tiff-tools |