Lucene search

Veracode Vulnerability DatabaseVERACODE:44156

HistoryNov 06, 2023 - 10:53 a.m.

Denial Of Service (DoS)

2023-11-0610:53:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libtiff

dos

vulnerability

tiffreaddirentryarray

memory allocation

application crash

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

LibTIFF is vulnerable to Denial of Service. The vulnerability is due to mishandling memory allocation for short files in the TIFFReadDirEntryArray function. This can potentially lead to an allocation failure and application crash.

CPENameOperatorVersion
libtiff.sole5.2.6
libtiff.sole5.2.6

CPE	Name	Operator	Version
	libtiff.so	le	5.2.6
	libtiff.so	le	5.2.6

References

github.com/advisories/GHSA-r6g8-rrwj-46q5

gitlab.com/libtiff/libtiff/-/commit/7057734d986001b7fd6d2afde9667da7754ff2cc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for VERACODE:44156