CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 50.1%)

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted
TIFF document can lead to an abort resulting in a remote denial of service
attack.
Author | Note |
---|---|
mdeslaur | reported in libtiff, but issue lies in jbigkit. as of 2018-03-22, no fix available. this is a DoS only and is caused by the fact that jbigkit handles failed memory allocations with abort(). (See checked_malloc()). Fixing this properly would likely require changing the library ABI. |
ccdm94 | commit bc3293299b was released in 2020, and it seems to be the commit that fixes this issue, according to the commit message and according to tests made with the commit applied to jbigkit (the error no longer occurs once this fix is applied). |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jbigkit | < 2.1-3.1ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | jbigkit | < 2.1-3.1ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | jbigkit | < 2.1-3.1ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 22.10 | noarch | jbigkit | < 2.1-3.1ubuntu0.22.10.1 | UNKNOWN |
ubuntu | 23.04 | noarch | jbigkit | < 2.1-6ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | jbigkit | < 2.0-2ubuntu4.1+esm1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | jbigkit | < 2.1-3.1ubuntu0.1~esm1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |