发布时间: 2022年3月26日
修改时间: 2024年10月31日
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 7.1 | 7.1 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | Required | Required |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1342 | libtiff security update | 2022年3月26日 |
| KylinSec-SA-2022-2634 | libtiff security update | 2022年11月11日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | libtiff | Fixed |
| KY3.4-5A | libtiff | Fixed |
| KY3.5.1 | libtiff | Fixed |
