
CVE-2024-6716

2024-08-16 00:00:00
ubuntu.com
texmaker
libtiff
bionic
unix

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 9.6%

A flaw was found in the libtiff library. An out-of-memory issue in the
TIFFReadEncodedStrip function can be triggered when processing a crafted
tiff file, allowing attackers to perform memory allocation of arbitrary
sizes, resulting in a denial of service.

Notes

Priority reason: Only a resource consumption DoS via API misuse

sbeattie: texmaker added an embedded copy of libtiff in bionic

mdeslaur: Per the tiff developers, this API can’t perform restrictions on imagewidth and imagelength, as high values are also valid. Application developers should be using the TIFFOpenOptionsSetMaxSingleMemAlloc() API. The upstream bug is likely to get closed, and this CVE rejected. Marking as deferred for now.
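
Added example, not part of the Ubuntu advisory or of libtiff: a Python pre-flight check that reads the first IFD of a classic TIFF and computes the uncompressed strip size its header tags imply, so an application can reject a file before handing it to a decoder. It complements, and does not replace, the TIFFOpenOptionsSetMaxSingleMemAlloc() limit named in the note; the function names, the 64 MiB cap and the sample files are assumptions made for this example.

```python
import struct

# TIFF 6.0 tag ids needed to size one uncompressed strip.
WIDTH, LENGTH, BITS, SAMPLES, ROWS_PER_STRIP = 256, 257, 258, 277, 278
FMT = {1: "B", 3: "H", 4: "I"}  # BYTE, SHORT, LONG

def first_ifd_tags(data: bytes) -> dict:
    """Map tag id -> first integer value for the first IFD of a classic TIFF."""
    if data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF")
    e = "<" if data[:2] == b"II" else ">"
    try:
        magic, ifd = struct.unpack_from(e + "HI", data, 2)
        if magic != 42:
            raise ValueError("not a classic TIFF (BigTIFF is not handled)")
        (count,) = struct.unpack_from(e + "H", data, ifd)
        tags = {}
        for off in range(ifd + 2, ifd + 2 + 12 * count, 12):
            tag, typ, n = struct.unpack_from(e + "HHI", data, off)
            if typ not in FMT or n == 0:
                continue
            pos = off + 8  # values of up to 4 bytes are stored inline
            if struct.calcsize(FMT[typ]) * n > 4:
                (pos,) = struct.unpack_from(e + "I", data, pos)
            (tags[tag],) = struct.unpack_from(e + FMT[typ], data, pos)
        return tags
    except struct.error:
        raise ValueError("truncated TIFF") from None

def implied_strip_bytes(data: bytes) -> int:
    """Bytes one decoded strip needs according to the header tags alone."""
    t = first_ifd_tags(data)
    if WIDTH not in t or LENGTH not in t:
        raise ValueError("missing ImageWidth/ImageLength")
    rows = min(t.get(ROWS_PER_STRIP, t[LENGTH]), t[LENGTH])
    bits_per_pixel = t.get(BITS, 1) * t.get(SAMPLES, 1)  # assumes equal sample depths
    return rows * ((t[WIDTH] * bits_per_pixel + 7) // 8)

def within_cap(data: bytes, cap: int = 64 * 1024 * 1024) -> bool:
    # cap is application policy; 64 MiB is a value assumed for this example
    return implied_strip_bytes(data) <= cap

def make_tiff(width: int, length: int, rows: int) -> bytes:
    """Constructed sample: little-endian header plus one IFD, no pixel data."""
    entries = [(WIDTH, 4, width), (LENGTH, 4, length), (BITS, 3, 8),
               (SAMPLES, 3, 3), (ROWS_PER_STRIP, 4, rows)]
    ifd = b"".join(struct.pack("<HHII", t, ty, 1, v) for t, ty, v in entries)
    return b"II" + struct.pack("<HIH", 42, 8, len(entries)) + ifd + bytes(4)
```

Large dimensions can be legitimate, so the cap belongs to the application's own policy for the images it expects to handle.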
