Vulnerability-Lookup

CVE-2020-35523 (GCVE-0-2020-35523)

Vulnerability from cvelistv5 – Published: 2021-03-09 19:17 – Updated: 2024-08-04 17:02

Summary

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Severity ?

No CVSS data available.

CWE

CWE-190

Assigner

redhat

References

8 references

URL	Tags
https://gitlab.com/libtiff/libtiff/-/commit/c8d61…	x_refsource_MISC
https://gitlab.com/libtiff/libtiff/-/merge_requests/160	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1932040	x_refsource_MISC
https://www.debian.org/security/2021/dsa-4869	vendor-advisoryx_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202104-06	vendor-advisoryx_refsource_GENTOO
https://security.netapp.com/advisory/ntap-2021052…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	libtiff	Affected: libtiff 4.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
          },
          {
            "name": "DSA-4869",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4869"
          },
          {
            "name": "FEDORA-2021-1bf4f2f13a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
          },
          {
            "name": "GLSA-202104-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
          },
          {
            "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-28T01:06:13.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
        },
        {
          "name": "DSA-4869",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4869"
        },
        {
          "name": "FEDORA-2021-1bf4f2f13a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
        },
        {
          "name": "GLSA-202104-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
        },
        {
          "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libtiff",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libtiff 4.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
            },
            {
              "name": "DSA-4869",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4869"
            },
            {
              "name": "FEDORA-2021-1bf4f2f13a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
            },
            {
              "name": "GLSA-202104-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
            },
            {
              "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35523",
    "datePublished": "2021-03-09T19:17:24.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:02:08.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-35523",
      "date": "2026-05-20",
      "epss": "0.00227",
      "percentile": "0.45388"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.2.0\", \"matchCriteriaId\": \"EAB546DE-E71F-4091-A51C-E7E65587F25D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c.\u0026#xa0;Este fallo permite a un atacante inyectar y ejecutar c\\u00f3digo arbitrario cuando un usuario abre un archivo TIFF dise\\u00f1ado.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema\"}]",
      "id": "CVE-2020-35523",
      "lastModified": "2024-11-21T05:27:29.650",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-03-09T20:15:12.963",
      "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1932040\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/libtiff/libtiff/-/merge_requests/160\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202104-06\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210521-0009/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4869\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1932040\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/libtiff/libtiff/-/merge_requests/160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202104-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210521-0009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4869\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-35523\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-09T20:15:12.963\",\"lastModified\":\"2024-11-21T05:27:29.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c.\u0026#xa0;Este fallo permite a un atacante inyectar y ejecutar c\u00f3digo arbitrario cuando un usuario abre un archivo TIFF dise\u00f1ado.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.0\",\"matchCriteriaId\":\"EAB546DE-E71F-4091-A51C-E7E65587F25D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1932040\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/libtiff/libtiff/-/merge_requests/160\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202104-06\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210521-0009/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4869\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1932040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/libtiff/libtiff/-/merge_requests/160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202104-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210521-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4869\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2024-AVI-1103

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01
IBM	QRadar SIEM	Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001

References

Title

Publication Time

CERTFR-2024-AVI-1103

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01
IBM	QRadar SIEM	Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001

References

Title

Publication Time

alsa-2021:4241

Vulnerability from osv_almalinux

Published

2021-11-09 08:50

Modified

2021-11-12 10:21

Summary

Moderate: libtiff security and bug fix update

Details

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)
libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)
libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521)
libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35522)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://vulners.com/cve/CVE-2020-35521	REPORT
	https://vulners.com/cve/CVE-2020-35522	REPORT
	https://vulners.com/cve/CVE-2020-35523	REPORT
	https://vulners.com/cve/CVE-2020-35524	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libtiff"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.9-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libtiff-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.9-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libtiff-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.9-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)\n\n* libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)\n\n* libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521)\n\n* libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35522)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:4241",
  "modified": "2021-11-12T10:21:01Z",
  "published": "2021-11-09T08:50:38Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-35521"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-35522"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-35523"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-35524"
    }
  ],
  "related": [
    "CVE-2020-35523",
    "CVE-2020-35524",
    "CVE-2020-35521",
    "CVE-2020-35522"
  ],
  "summary": "Moderate: libtiff security and bug fix update"
}

BDU:2021-01526

Vulnerability from fstec - Published: 10.11.2020

Title

Уязвимость файла tif_getimage.c библиотеки LibTIFF, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость файла tif_getimage.c библиотеки LibTIFF связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально созданного TIFF файла

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт», Silicon Graphics Corp., АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), LibTIFF, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 7.2 Муром (РЕД ОС), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), до 4.2.0 (LibTIFF), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для LibTIFF: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 https://gitlab.com/libtiff/libtiff/-/merge_requests/160 Для Debian GNU/Linux: https://www.debian.org/security/2021/dsa-4869 Для Ubuntu: https://ubuntu.com/security/notices/USN-4755-1 Для РЕД ОС: Обновление программного средства до актуальной версии Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Для ОСОН Основа: Обновление программного обеспечения tiff до версии 4.1.0+git191117-2~deb10u2 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет tiff до 4.0.8-2+deb9u8+ci202212131103+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения tiff до версии 4.0.8-2+deb9u8

Reference

https://www.securitylab.ru/vulnerability/517425.php https://www.cybersecurity-help.cz/vdb/SB2021031406 https://bugzilla.redhat.com/show_bug.cgi?id=1932040 https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 https://gitlab.com/libtiff/libtiff/-/merge_requests/160 https://www.debian.org/security/2021/dsa-4869 https://nvd.nist.gov/vuln/detail/CVE-2020-35523 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Silicon Graphics Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), \u0434\u043e 4.2.0 (LibTIFF), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f LibTIFF:\nhttps://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 \nhttps://gitlab.com/libtiff/libtiff/-/merge_requests/160\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2021/dsa-4869\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4755-1\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f tiff \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.1.0+git191117-2~deb10u2\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 tiff \u0434\u043e 4.0.8-2+deb9u8+ci202212131103+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f tiff \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.0.8-2+deb9u8",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.11.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.03.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01526",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-35523",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), LibTIFF, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 20.10 , Silicon Graphics Corp. LibTIFF \u0434\u043e 4.2.0 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 tif_getimage.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibTIFF, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 tif_getimage.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibTIFF \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e TIFF \u0444\u0430\u0439\u043b\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/vulnerability/517425.php\nhttps://www.cybersecurity-help.cz/vdb/SB2021031406\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1932040 \nhttps://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 \nhttps://gitlab.com/libtiff/libtiff/-/merge_requests/160 \nhttps://www.debian.org/security/2021/dsa-4869\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35523\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2022-05534

Vulnerability from cnvd - Published: 2022-01-19

Title

libtiff整数溢出漏洞

Description

Libtiff是一个用于读取和写入标记图像文件格式（缩写为TIFF）文件的库。 libtiff中的tif_getimage.c存在整数溢出漏洞。攻击者可通过特制TIFF文件利用该漏洞注入并执行任意代码。

Severity

中

Patch Name

libtiff整数溢出漏洞的补丁

Patch Description

Libtiff是一个用于读取和写入标记图像文件格式（缩写为TIFF）文件的库。 libtiff中的tif_getimage.c存在整数溢出漏洞。攻击者可通过特制TIFF文件利用该漏洞注入并执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-35523

Impacted products

Name
Libtiff Libtiff <4.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-35523",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523"
    }
  },
  "description": "Libtiff\u662f\u4e00\u4e2a\u7528\u4e8e\u8bfb\u53d6\u548c\u5199\u5165\u6807\u8bb0\u56fe\u50cf\u6587\u4ef6\u683c\u5f0f\uff08\u7f29\u5199\u4e3aTIFF\uff09\u6587\u4ef6\u7684\u5e93\u3002\n\nlibtiff\u4e2d\u7684tif_getimage.c\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236TIFF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-05534",
  "openTime": "2022-01-19",
  "patchDescription": "Libtiff\u662f\u4e00\u4e2a\u7528\u4e8e\u8bfb\u53d6\u548c\u5199\u5165\u6807\u8bb0\u56fe\u50cf\u6587\u4ef6\u683c\u5f0f\uff08\u7f29\u5199\u4e3aTIFF\uff09\u6587\u4ef6\u7684\u5e93\u3002\r\n\r\nlibtiff\u4e2d\u7684tif_getimage.c\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236TIFF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "libtiff\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Libtiff Libtiff \u003c4.2.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-10",
  "title": "libtiff\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2020-35523

Vulnerability from fkie_nvd - Published: 2021-03-09 20:15 - Updated: 2024-11-21 05:27

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1932040	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2	Patch, Third Party Advisory
secalert@redhat.com	https://gitlab.com/libtiff/libtiff/-/merge_requests/160	Patch, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
secalert@redhat.com	https://security.gentoo.org/glsa/202104-06	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20210521-0009/	Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2021/dsa-4869	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1932040	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/libtiff/libtiff/-/merge_requests/160	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202104-06	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20210521-0009/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4869	Third Party Advisory

Impacted products

Vendor	Product	Version
libtiff	libtiff	*
debian	debian_linux	9.0
debian	debian_linux	10.0
netapp	ontap_select_deploy_administration_utility	-
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB546DE-E71F-4091-A51C-E7E65587F25D",
              "versionEndExcluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c.\u0026#xa0;Este fallo permite a un atacante inyectar y ejecutar c\u00f3digo arbitrario cuando un usuario abre un archivo TIFF dise\u00f1ado.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2020-35523",
  "lastModified": "2024-11-21T05:27:29.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-09T20:15:12.963",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-06"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4869"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

GHSA-5V72-4Q26-MQ7P

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-07-31 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-35523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-09T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
  "id": "GHSA-5v72-4q26-mq7p",
  "modified": "2022-07-31T00:00:59Z",
  "published": "2022-05-24T17:43:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-06"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210521-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4869"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-35523

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-35523

Aliases

CVE-2020-35523

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-35523",
    "description": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
    "id": "GSD-2020-35523",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-35523.html",
      "https://www.debian.org/security/2021/dsa-4869",
      "https://access.redhat.com/errata/RHSA-2021:4241",
      "https://ubuntu.com/security/CVE-2020-35523",
      "https://advisories.mageia.org/CVE-2020-35523.html",
      "https://linux.oracle.com/cve/CVE-2020-35523.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-35523.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-35523"
      ],
      "details": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
      "id": "GSD-2020-35523",
      "modified": "2023-12-13T01:22:00.717426Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-35523",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "libtiff",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "libtiff 4.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-190"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2",
            "refsource": "MISC",
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
          },
          {
            "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160",
            "refsource": "MISC",
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
          },
          {
            "name": "DSA-4869",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4869"
          },
          {
            "name": "FEDORA-2021-1bf4f2f13a",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
          },
          {
            "name": "GLSA-202104-06",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202104-06"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
          },
          {
            "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c4.2.0",
          "affected_versions": "All versions before 4.2.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-190",
            "CWE-937"
          ],
          "date": "2021-06-28",
          "description": "An integer overflow flaw was found in libtiff that exists in the `tif_getimage.c` file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "fixed_versions": [
            "4.2.0"
          ],
          "identifier": "CVE-2020-35523",
          "identifiers": [
            "CVE-2020-35523"
          ],
          "not_impacted": "All versions starting from 4.2.0",
          "package_slug": "conan/libtiff",
          "pubdate": "2021-03-09",
          "solution": "Upgrade to version 4.2.0 or above.",
          "title": "Integer Overflow or Wraparound",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-35523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
          ],
          "uuid": "38792548-5ec5-4907-9ac6-077da321e61c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35523"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
            },
            {
              "name": "DSA-4869",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4869"
            },
            {
              "name": "FEDORA-2021-1bf4f2f13a",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
            },
            {
              "name": "GLSA-202104-06",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202104-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
            },
            {
              "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-30T03:48Z",
      "publishedDate": "2021-03-09T20:15Z"
    }
  }
}

MSRC_CVE-2020-35523

Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2021-12-16 00:00

Summary

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2020-35523

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 19128-16820		—
Unresolved product id: 19129-17086		—

Known affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 16820-2		—	Vendor Fix fix
Unresolved product id: 17086-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2020-35523 An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality integrity as well as system availability. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-35523.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.",
    "tracking": {
      "current_release_date": "2021-12-16T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T21:50:22.141Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2020-35523",
      "initial_release_date": "2021-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-03-17T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2021-12-16T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added libtiff to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 libtiff 4.1.0-2",
                "product": {
                  "name": "\u003ccm1 libtiff 4.1.0-2",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 libtiff 4.1.0-2",
                "product": {
                  "name": "cm1 libtiff 4.1.0-2",
                  "product_id": "19128"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 libtiff 4.1.0-3",
                "product": {
                  "name": "\u003ccbl2 libtiff 4.1.0-3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 libtiff 4.1.0-3",
                "product": {
                  "name": "cbl2 libtiff 4.1.0-3",
                  "product_id": "19129"
                }
              }
            ],
            "category": "product_name",
            "name": "libtiff"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 libtiff 4.1.0-2 as a component of CBL Mariner 1.0",
          "product_id": "16820-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 libtiff 4.1.0-2 as a component of CBL Mariner 1.0",
          "product_id": "19128-16820"
        },
        "product_reference": "19128",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 libtiff 4.1.0-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 libtiff 4.1.0-3 as a component of CBL Mariner 2.0",
          "product_id": "19129-17086"
        },
        "product_reference": "19129",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-35523",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19128-16820",
          "19129-17086"
        ],
        "known_affected": [
          "16820-2",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-35523 An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality integrity as well as system availability. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-35523.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-17T00:00:00.000Z",
          "details": "4.1.0-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2021-03-17T00:00:00.000Z",
          "details": "4.1.0-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-2",
            "17086-1"
          ]
        }
      ],
      "title": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality integrity as well as system availability."
    }
  ]
}

OPENSUSE-SU-2022:0480-1

Vulnerability from csaf_opensuse - Published: 2022-02-17 14:11 - Updated: 2022-02-17 14:11

Summary

Security update for tiff

Severity

Important

Notes

Title of the patch: Security update for tiff

Description of the patch: This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).

Patchnames: openSUSE-SLE-15.3-2022-480,openSUSE-SLE-15.4-2022-480

CVE-2017-17095

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17546

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-19131

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35521

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35522

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35523

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35524

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-22844

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

40 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1071031	self
https://bugzilla.suse.com/1154365	self
https://bugzilla.suse.com/1182808	self
https://bugzilla.suse.com/1182809	self
https://bugzilla.suse.com/1182811	self
https://bugzilla.suse.com/1182812	self
https://bugzilla.suse.com/1190312	self
https://bugzilla.suse.com/1194539	self
https://www.suse.com/security/cve/CVE-2017-17095/	self
https://www.suse.com/security/cve/CVE-2019-17546/	self
https://www.suse.com/security/cve/CVE-2020-19131/	self
https://www.suse.com/security/cve/CVE-2020-35521/	self
https://www.suse.com/security/cve/CVE-2020-35522/	self
https://www.suse.com/security/cve/CVE-2020-35523/	self
https://www.suse.com/security/cve/CVE-2020-35524/	self
https://www.suse.com/security/cve/CVE-2022-22844/	self
https://www.suse.com/security/cve/CVE-2017-17095	external
https://bugzilla.suse.com/1071031	external
https://www.suse.com/security/cve/CVE-2019-17546	external
https://bugzilla.suse.com/1154365	external
https://www.suse.com/security/cve/CVE-2020-19131	external
https://bugzilla.suse.com/1190312	external
https://www.suse.com/security/cve/CVE-2020-35521	external
https://bugzilla.suse.com/1182808	external
https://bugzilla.suse.com/1200195	external
https://www.suse.com/security/cve/CVE-2020-35522	external
https://bugzilla.suse.com/1182809	external
https://bugzilla.suse.com/1200195	external
https://www.suse.com/security/cve/CVE-2020-35523	external
https://bugzilla.suse.com/1182811	external
https://bugzilla.suse.com/1200195	external
https://www.suse.com/security/cve/CVE-2020-35524	external
https://bugzilla.suse.com/1182812	external
https://bugzilla.suse.com/1200195	external
https://www.suse.com/security/cve/CVE-2022-22844	external
https://bugzilla.suse.com/1194539	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tiff",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tiff fixes the following issues:\n\n- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).\n- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).\n- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).\n- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).\n- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).\n- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).\n- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).\n- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-SLE-15.3-2022-480,openSUSE-SLE-15.4-2022-480",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0480-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2022:0480-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7OF4G5SOPBRKT4CZJV5MAQLV5LXXFO62/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2022:0480-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7OF4G5SOPBRKT4CZJV5MAQLV5LXXFO62/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1071031",
        "url": "https://bugzilla.suse.com/1071031"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154365",
        "url": "https://bugzilla.suse.com/1154365"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182808",
        "url": "https://bugzilla.suse.com/1182808"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182809",
        "url": "https://bugzilla.suse.com/1182809"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182811",
        "url": "https://bugzilla.suse.com/1182811"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182812",
        "url": "https://bugzilla.suse.com/1182812"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190312",
        "url": "https://bugzilla.suse.com/1190312"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194539",
        "url": "https://bugzilla.suse.com/1194539"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17095 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17095/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17546 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17546/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-19131 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-19131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35521 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35521/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35522 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35522/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35523 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35523/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35524 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35524/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22844 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22844/"
      }
    ],
    "title": "Security update for tiff",
    "tracking": {
      "current_release_date": "2022-02-17T14:11:19Z",
      "generator": {
        "date": "2022-02-17T14:11:19Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2022:0480-1",
      "initial_release_date": "2022-02-17T14:11:19Z",
      "revision_history": [
        {
          "date": "2022-02-17T14:11:19Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-45.5.1.aarch64",
                "product": {
                  "name": "libtiff-devel-4.0.9-45.5.1.aarch64",
                  "product_id": "libtiff-devel-4.0.9-45.5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-45.5.1.aarch64",
                "product": {
                  "name": "libtiff5-4.0.9-45.5.1.aarch64",
                  "product_id": "libtiff5-4.0.9-45.5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-45.5.1.aarch64",
                "product": {
                  "name": "tiff-4.0.9-45.5.1.aarch64",
                  "product_id": "tiff-4.0.9-45.5.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-45.5.1.ppc64le",
                "product": {
                  "name": "libtiff-devel-4.0.9-45.5.1.ppc64le",
                  "product_id": "libtiff-devel-4.0.9-45.5.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-45.5.1.ppc64le",
                "product": {
                  "name": "libtiff5-4.0.9-45.5.1.ppc64le",
                  "product_id": "libtiff5-4.0.9-45.5.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-45.5.1.ppc64le",
                "product": {
                  "name": "tiff-4.0.9-45.5.1.ppc64le",
                  "product_id": "tiff-4.0.9-45.5.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-45.5.1.s390x",
                "product": {
                  "name": "libtiff-devel-4.0.9-45.5.1.s390x",
                  "product_id": "libtiff-devel-4.0.9-45.5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-45.5.1.s390x",
                "product": {
                  "name": "libtiff5-4.0.9-45.5.1.s390x",
                  "product_id": "libtiff5-4.0.9-45.5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-45.5.1.s390x",
                "product": {
                  "name": "tiff-4.0.9-45.5.1.s390x",
                  "product_id": "tiff-4.0.9-45.5.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-45.5.1.x86_64",
                "product": {
                  "name": "libtiff-devel-4.0.9-45.5.1.x86_64",
                  "product_id": "libtiff-devel-4.0.9-45.5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
                "product": {
                  "name": "libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
                  "product_id": "libtiff-devel-32bit-4.0.9-45.5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-45.5.1.x86_64",
                "product": {
                  "name": "libtiff5-4.0.9-45.5.1.x86_64",
                  "product_id": "libtiff5-4.0.9-45.5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.9-45.5.1.x86_64",
                "product": {
                  "name": "libtiff5-32bit-4.0.9-45.5.1.x86_64",
                  "product_id": "libtiff5-32bit-4.0.9-45.5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-45.5.1.x86_64",
                "product": {
                  "name": "tiff-4.0.9-45.5.1.x86_64",
                  "product_id": "tiff-4.0.9-45.5.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-45.5.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64"
        },
        "product_reference": "libtiff-devel-4.0.9-45.5.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-45.5.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le"
        },
        "product_reference": "libtiff-devel-4.0.9-45.5.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-45.5.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x"
        },
        "product_reference": "libtiff-devel-4.0.9-45.5.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-45.5.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64"
        },
        "product_reference": "libtiff-devel-4.0.9-45.5.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-32bit-4.0.9-45.5.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64"
        },
        "product_reference": "libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-45.5.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64"
        },
        "product_reference": "libtiff5-4.0.9-45.5.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-45.5.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le"
        },
        "product_reference": "libtiff5-4.0.9-45.5.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-45.5.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x"
        },
        "product_reference": "libtiff5-4.0.9-45.5.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-45.5.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-45.5.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-45.5.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-45.5.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-45.5.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64"
        },
        "product_reference": "tiff-4.0.9-45.5.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-45.5.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le"
        },
        "product_reference": "tiff-4.0.9-45.5.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-45.5.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x"
        },
        "product_reference": "tiff-4.0.9-45.5.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-45.5.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        },
        "product_reference": "tiff-4.0.9-45.5.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-17095",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17095"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17095",
          "url": "https://www.suse.com/security/cve/CVE-2017-17095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071031 for CVE-2017-17095",
          "url": "https://bugzilla.suse.com/1071031"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-17095"
    },
    {
      "cve": "CVE-2019-17546",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17546"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17546",
          "url": "https://www.suse.com/security/cve/CVE-2019-17546"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154365 for CVE-2019-17546",
          "url": "https://bugzilla.suse.com/1154365"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17546"
    },
    {
      "cve": "CVE-2020-19131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-19131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the \"invertImage()\" function in the component \"tiffcrop\".",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-19131",
          "url": "https://www.suse.com/security/cve/CVE-2020-19131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190312 for CVE-2020-19131",
          "url": "https://bugzilla.suse.com/1190312"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-19131"
    },
    {
      "cve": "CVE-2020-35521",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35521"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35521",
          "url": "https://www.suse.com/security/cve/CVE-2020-35521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182808 for CVE-2020-35521",
          "url": "https://bugzilla.suse.com/1182808"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200195 for CVE-2020-35521",
          "url": "https://bugzilla.suse.com/1200195"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35521"
    },
    {
      "cve": "CVE-2020-35522",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35522"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35522",
          "url": "https://www.suse.com/security/cve/CVE-2020-35522"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182809 for CVE-2020-35522",
          "url": "https://bugzilla.suse.com/1182809"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200195 for CVE-2020-35522",
          "url": "https://bugzilla.suse.com/1200195"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35522"
    },
    {
      "cve": "CVE-2020-35523",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35523"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35523",
          "url": "https://www.suse.com/security/cve/CVE-2020-35523"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182811 for CVE-2020-35523",
          "url": "https://bugzilla.suse.com/1182811"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200195 for CVE-2020-35523",
          "url": "https://bugzilla.suse.com/1200195"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35523"
    },
    {
      "cve": "CVE-2020-35524",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35524"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff\u0027s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35524",
          "url": "https://www.suse.com/security/cve/CVE-2020-35524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182812 for CVE-2020-35524",
          "url": "https://bugzilla.suse.com/1182812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200195 for CVE-2020-35524",
          "url": "https://bugzilla.suse.com/1200195"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35524"
    },
    {
      "cve": "CVE-2022-22844",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22844"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
          "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22844",
          "url": "https://www.suse.com/security/cve/CVE-2022-22844"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194539 for CVE-2022-22844",
          "url": "https://bugzilla.suse.com/1194539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtiff-devel-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff-devel-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-32bit-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:libtiff5-4.0.9-45.5.1.x86_64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.aarch64",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.ppc64le",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.s390x",
            "openSUSE Leap 15.3:tiff-4.0.9-45.5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-02-17T14:11:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-22844"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-35523 (GCVE-0-2020-35523)

Solutions

Solutions

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature