CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
79.5%
The updated libtiff packages fix security vulnerabilities: - Integer overflow in tif_getimage.c (CVE-2020-35523). - Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524). - Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the βTIFFVGetFieldβ funtion in the component βlibtiff/tif_dir.cβ. (CVE-2020-19143) - Memory allocation failure in tiff2rgba (CVE-2020-35521) - Memory allocation failure in tiff2rgba (CVE-2020-35522)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | libtiff | <Β 4.2.0-1 | libtiff-4.2.0-1.mga7 |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
79.5%