// For flags

CVE-2020-35524

libtiff: Heap-based buffer overflow in TIFF2PDF tool

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Se encontró un error de desbordamiento de búfer en la región heap de la memoria en libtiff en el manejo de imágenes TIFF en la herramienta TIFF2PDF de libtiff. Un archivo TIFF especialmente diseñado puede conllevar a una ejecución de código arbitraria. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema

An update that fixes 8 vulnerabilities is now available. This update for tiff fixes the following issues. Fixed DoS in tools/pal2rgb.c in pal2rgb. Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image. Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage function. Fixed memory allocation failure in tif_read.c. Fixed memory allocation failure in tif_pixarlog.c. Fixed integer overflow in tif_getimage.c. Fixed heap-based buffer overflow in TIFF2PDF tool. Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-03-09 CVE Published
  • 2024-08-04 CVE Updated
  • 2025-07-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libtiff
Search vendor "Libtiff"
 Libtiff
Search vendor "Libtiff" for product "Libtiff"
 < 4.2.0
Search vendor "Libtiff" for product "Libtiff" and version " < 4.2.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Netapp
Search vendor "Netapp"
 Ontap Select Deploy Administration Utility
Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"
--
Affected
Netapp
Search vendor "Netapp"
 Ontap Select Deploy Administration Utility
Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"
--
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected