CVE-2020-35524

Description:
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CWE: CWE-119

CVSS score
CVSS 2: MEDIUM – 6.8 (Version: 2.0)
CVSS 3: HIGH – 7.8 (Version: 3.1)

Links:

NVD – CVE-2020-35524
CVE – CVE-2020-35524

| Link (max. 20) | Source | Tags |
| --- | --- | --- |
| https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 | MISC | Patch, Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1932044 | MISC | Issue Tracking, Patch, Third Party Advisory |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/159 | MISC | Patch, Third Party Advisory |
| DSA-4869 | DEBIAN | Third Party Advisory |
| FEDORA-2021-1bf4f2f13a | FEDORA | Third Party Advisory, VDB Entry |
| GLSA-202104-06 | GENTOO | Third Party Advisory, Mailing List |
| FEDORA-2021-63fcbd126e | FEDORA | Third Party Advisory, VDB Entry |
| FEDORA-2021-ffd0b2108d | FEDORA | Mailing List, Third Party Advisory |
| FEDORA-2021-03e61a6647 | FEDORA | Mailing List, Third Party Advisory |
| https://support.apple.com/kb/HT212320 | CONFIRM | Third Party Advisory, VDB Entry |
| 20210427 APPLE-SA-2021-04-26-10 Xcode 12.5 | FULLDISC | Mailing List, Third Party Advisory |
| GLSA-202104-01 | GENTOO | Third Party Advisory, VDB Entry |
| https://www.tenable.com/security/tns-2021-05 | CONFIRM | Third Party Advisory |
| FEDORA-2021-cbf14ab8f9 | FEDORA | Mailing List, Third Party Advisory |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10356 | CONFIRM | Third Party Advisory |
| https://www.tenable.com/security/tns-2021-09 | CONFIRM | |

Source: NVD – CVE-2020-35524
Published: 2021-03-09T20:15Z, Last modified: 2021-05-05T15:04Z