CVE-2020-35523
libtiff: Integer overflow in tif_getimage.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Se encontró un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c. Este fallo permite a un atacante inyectar y ejecutar código arbitrario cuando un usuario abre un archivo TIFF diseñado. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema
An update that fixes 8 vulnerabilities is now available. This update for tiff fixes the following issues. Fixed DoS in tools/pal2rgb.c in pal2rgb. Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image. Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage function. Fixed memory allocation failure in tif_read.c. Fixed memory allocation failure in tif_pixarlog.c. Fixed integer overflow in tif_getimage.c. Fixed heap-based buffer overflow in TIFF2PDF tool. Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-02-26 CVE Published
- 2024-08-04 CVE Updated
- 2025-07-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210521-0009 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1932040 | 2021-11-09 | |
| https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 | 2023-11-07 | |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/160 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | < 4.2.0 Search vendor "Libtiff" for product "Libtiff" and version " < 4.2.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||