CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

libtiff is vulnerable to buffer overflow attacks. The flaw occurs when handling unusual tile sizes, such as YCbCr with subsampling, which may lead to assertion failures in debug mode or buffer overflows in release mode, causing the application to crash.
rhn.redhat.com/errata/RHSA-2017-0225.html
www.debian.org/security/2017/dsa-3844
www.securityfocus.com/bid/94484
www.securityfocus.com/bid/94744
access.redhat.com/errata/RHSA-2017:0225
access.redhat.com/security/updates/classification/#moderate
github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33