Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-35523

Published: 09/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Libtiff

Vulnerability Summary

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an malicious user to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff

debian debian linux 9.0

debian debian linux 10.0

netapp ontap select deploy administration utility -

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

Vendor Advisories

Debian Security Advisories: DSA-4869-1 tiff -- security update
Two vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed For the stable distribution (buster), these problems have been fixed in version 410+git191117-2~deb10u2 We recommend that you upgrade your tiff pa ...
Amazon Linux 2: ALAS2-2022-1780
Integer overflow in the writeBufferToSeparateStrips function in tiffcropc in LibTIFF before 407 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file (CVE-2016-9532) A flaw was found in libtiff Due to a memory allocation failure in tif_readc, a crafted TIFF file can lead to an abort, resulting in den ...
Amazon Linux AMI: ALAS-2022-1625
Integer overflow in the writeBufferToSeparateStrips function in tiffcropc in LibTIFF before 407 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file (CVE-2016-9532) A flaw was found in libtiff Due to a memory allocation failure in tif_readc, a crafted TIFF file can lead to an abort, resulting in den ...

References

CWE-190https://gitlab.com/libtiff/libtiff/-/merge_requests/160https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2https://bugzilla.redhat.com/show_bug.cgi?id=1932040https://www.debian.org/security/2021/dsa-4869https://security.gentoo.org/glsa/202104-06https://security.netapp.com/advisory/ntap-20210521-0009/https://lists.debian.org/debian-lts-announce/2021/06/msg00023.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4869
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook