Lucene search

Veracode Vulnerability DatabaseVERACODE:23793

HistoryApr 10, 2020 - 12:36 a.m.

Denial Of Service (DoS)

2020-04-1000:36:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

65.4%

JSON

libtiff is vulnerable to denial of service (DoS). The vulnerability exists as a buffer underwrite flaw was found in libtiff’s Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a specially-crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service (application crash).

CPENameOperatorVersion
libtiffeq3.5.7__22.el3
libtiffeq3.5.7__25.el3.1
libtiffeq3.5.7__31.el3
libtiffeq3.5.7__25.el3.4
libtiffeq3.5.7__22.el3
libtiffeq3.5.7__25.el3.1
libtiffeq3.5.7__31.el3
libtiffeq3.5.7__25.el3.4

Name	Operator	Version
libtiff	eq	3.5.7__22.el3
libtiff	eq	3.5.7__25.el3.1
libtiff	eq	3.5.7__31.el3
libtiff	eq	3.5.7__25.el3.4
libtiff	eq	3.5.7__22.el3
libtiff	eq	3.5.7__25.el3.1
libtiff	eq	3.5.7__31.el3
libtiff	eq	3.5.7__25.el3.4

References

bugzilla.maptools.org/show_bug.cgi?id=2065

lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

lists.apple.com/archives/security-announce/2010/Feb/msg00000.html

lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

secunia.com/advisories/35695

secunia.com/advisories/35716

secunia.com/advisories/35866

secunia.com/advisories/35883

secunia.com/advisories/35912

secunia.com/advisories/36194

secunia.com/advisories/36831

secunia.com/advisories/38241

secunia.com/advisories/39135

security.gentoo.org/glsa/glsa-200908-03.xml

sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1

support.apple.com/kb/HT3937

support.apple.com/kb/HT4004

support.apple.com/kb/HT4013

support.apple.com/kb/HT4070

support.apple.com/kb/HT4105

www.debian.org/security/2009/dsa-1835

www.lan.st/showthread.php?t=1856&page=3

www.openwall.com/lists/oss-security/2009/06/22/1

www.openwall.com/lists/oss-security/2009/06/23/1

www.openwall.com/lists/oss-security/2009/06/29/5

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2009-1159.html

www.vupen.com/english/advisories/2009/1637

www.vupen.com/english/advisories/2009/2727

www.vupen.com/english/advisories/2009/3184

www.vupen.com/english/advisories/2010/0173

access.redhat.com/errata/RHSA-2009:1159

bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049

usn.ubuntu.com/797-1/

www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for VERACODE:23793