CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS percentile: 9.6%

A flaw was found in the libtiff library. An out-of-memory issue in the
TIFFReadEncodedStrip function can be triggered when processing a crafted
tiff file, allowing attackers to perform memory allocation of arbitrary
sizes, resulting in a denial of service.

Priority reason: Only a resource consumption DoS via API misuse

Author | Note |
---|---|
sbeattie | texmaker added an embedded copy of libtiff in bionic |
mdeslaur | Per the tiff developers, this API can’t perform restrictions on imagewidth and imagelength, as high values are also valid. Application developers should be using the TIFFOpenOptionsSetMaxSingleMemAlloc() API. The upstream bug is likely to get closed, and this CVE rejected. Marking as deferred for now. |
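
An application can also refuse a file before handing it to libtiff by estimating the decoded strip size from the header tags. The sketch below is an added example, not code from libtiff or from this tracker. It assumes classic (non-BigTIFF), strip-based files; `MAX_STRIP_BYTES`, the function names and the sample inputs are constructed for illustration, and the check complements rather than replaces the `TIFFOpenOptionsSetMaxSingleMemAlloc()` cap mentioned in the note above.

```python
import struct

MAX_STRIP_BYTES = 64 * 1024 * 1024   # assumed application policy, not a libtiff default
TAGS = {256: "width", 257: "length", 258: "bits", 277: "samples", 278: "rows"}
TYPES = {3: "H", 4: "I"}             # SHORT and LONG field types (TIFF 6.0)

def read_ifd0(data):
    """Size-related tags from the first IFD of a classic (non-BigTIFF) file."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42 or ifd + 2 > len(data):
        raise ValueError("unsupported or truncated TIFF")
    (count,) = struct.unpack_from(e + "H", data, ifd)
    if ifd + 2 + 12 * count > len(data):
        raise ValueError("truncated IFD")
    fields = {"bits": 1, "samples": 1}            # defaults from the TIFF spec
    for off in range(ifd + 2, ifd + 2 + 12 * count, 12):
        tag, typ, n = struct.unpack_from(e + "HHI", data, off)
        if tag not in TAGS or typ not in TYPES or n < 1:
            continue
        size = struct.calcsize(e + TYPES[typ])
        pos = off + 8                             # value is stored inline...
        if n * size > 4:                          # ...unless it exceeds 4 bytes
            (pos,) = struct.unpack_from(e + "I", data, pos)
        if pos + size > len(data):
            raise ValueError("tag value outside file")
        (fields[TAGS[tag]],) = struct.unpack_from(e + TYPES[typ], data, pos)
    return fields

def strip_alloc_estimate(data):
    """Upper bound on bytes for one decoded strip (first BitsPerSample value used)."""
    f = read_ifd0(data)
    if "width" not in f or "length" not in f:
        raise ValueError("ImageWidth/ImageLength missing")
    # RowsPerStrip defaults to 2**32-1, i.e. the whole image in one strip.
    rows = min(f.get("rows") or f["length"], f["length"])
    return (f["width"] * f["bits"] * f["samples"] + 7) // 8 * rows

def allow(data, limit=MAX_STRIP_BYTES):
    """True when the estimated strip buffer fits the application's cap."""
    return strip_alloc_estimate(data) <= limit

def sample_header(width, length, rows):
    """Constructed test input: little-endian header and one IFD, no pixel data."""
    tags = [(256, 4, width), (257, 4, length), (258, 3, 8), (277, 3, 1), (278, 4, rows)]
    body = b"".join(struct.pack("<HHII", t, ty, 1, v) for t, ty, v in tags)
    return b"II" + struct.pack("<HIH", 42, 8, len(tags)) + body + struct.pack("<I", 0)
```

The estimate ignores PlanarConfiguration and tiling, so it overestimates for planar-separate files and does not cover tiled ones.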