5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.3%
A vulnerability in the LZWDecode() function of the LibTIFF library is related to a null pointer dereferencing error in the
libtiff/tif_lzw.c file. Exploitation of the vulnerability could allow an attacker to create certain
input data that could cause a program to dereference a NULL pointer when decompressing a TIFTIFF file.
unpacking a TIFF file, resulting in a program crash or denial of service.
The LibTIFF library vulnerability is related to a boundary error in the extractContigSamples32bits() function in the file
tiffcrop.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a
a heap buffer overflow.
The vulnerability in the LibTIFF library is related to a boundary error associated with the values of TIFFTAG_INKNAMES
and TIFFTAG_NUMBEROFINKS. Exploitation of the vulnerability could allow an attacker acting remotely,
to cause a heap buffer overflow.