Veracode Vulnerability DatabaseVERACODE:6095Denial Of Service (DoS) Through Heap Buffer Overflow
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
libtiff.so is vulnerable to denial of service (DoS) through heap-based buffer overflow attacks. The vulnerability exists in the t2p_write_pdf function in tools/tiff2pdf.c where a malicious TIFF file can cause denial of service (DoS), and possibly other attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libtiff.so | le | 3.9.7 | |
| libtiff | le | 4.0.6.2 |
References
bugzilla.maptools.org/show_bug.cgi?id=2704
www.securityfocus.com/bid/99296
bugzilla.suse.com/show_bug.cgi?id=1046077
github.com/vadz/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
lists.debian.org/debian-lts-announce/2017/12/msg00008.html
usn.ubuntu.com/3606-1/
www.debian.org/security/2018/dsa-4100
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P