CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
75.1%
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the
t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead
to different damages. For example, a crafted TIFF document can lead to an
out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or
t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in
t2p_free. Given these possibilities, it probably could cause arbitrary code
execution.
Author | Note |
---|---|
ratliff | reproducer errors out rather than crashing on trusty & zesty |
sbeattie | possibly only affects tiff tools, not libtiff itself |
mdeslaur | patch in upstream bug we will not be fixing this issue in precise/esm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
75.1%