Lucene search

K

Veracode Vulnerability DatabaseVERACODE:39027

HistoryJan 27, 2023 - 4:17 a.m.

Heap-Based Buffer Overflow

2023-01-2704:17:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

24

libtiff.so

heap-based buffer overflow

processcropselections

tiff image

buffer overflows

software

EPSS

0.001

Percentile

35.2%

libtiff.so is vulnerable to Heap-Based Buffer Overflow. An attacker is able to trigger buffer overflows by parsing a specially crafted TIFF image in the processCropSelections function of tools/tiffcrop.c.

References

gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

gitlab.com/libtiff/libtiff/-/issues/488

lists.debian.org/debian-lts-announce/2023/01/msg00037.html

security.gentoo.org/glsa/202305-31

security.netapp.com/advisory/ntap-20230302-0004/

www.debian.org/security/2023/dsa-5333

EPSS

0.001

Percentile

35.2%

Related for VERACODE:39027

debian2 rocky2 openvas25 nvd1 nessus42 oraclelinux2 debiancve1 redhatcve1 osv10 cnvd1 redhat7 cbl_mariner2 almalinux2 mageia1 cve1 ibm3 cvelist1 ubuntucve1 alpinelinux1 redos1 prion1 photon3 ubuntu2 gentoo1 hp1