Msrc Cm1 Libtiff 4.1.0-2 On Cbl Mariner 1.0 vulnerabilities

4 known vulnerabilities affecting msrc/cm1_libtiff_4.1.0-2_on_cbl_mariner_1.0.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2020-35524 | HIGH | CVSS 7.8 | 2021-03-09
CVE-2020-35524 [HIGH] CWE-787 A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity as well as s
msrc
CVE-2020-35523 | HIGH | CVSS 7.8 | 2021-03-09
CVE-2020-35523 [HIGH] CWE-190 An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity as
msrc
CVE-2020-35522 | MEDIUM | CVSS 5.5 | 2021-03-09
CVE-2020-35522 [MEDIUM] CWE-119 In LibTIFF there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of t
msrc
CVE-2020-35521 | MEDIUM | CVSS 5.5 | 2021-03-09
CVE-2020-35521 [MEDIUM] CWE-119 A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort resulting in denial of service. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main be
msrc