CVE-2020-35524

Name
CVE-2020-35524
Description
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1932044
Patch https://gitlab.com/libtiff/libtiff/-/merge_requests/159
Third Party Advisory https://www.debian.org/security/2021/dsa-4869
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
Third Party Advisory https://security.gentoo.org/glsa/202104-06
CONFIRM https://security.netapp.com/advisory/ntap-20210521-0009/
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* libtiff >= None < 4.2.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status