Heap-based Buffer Overflow in libtiff Affects TIFF2PDF Tool
CVE-2020-35524

7.8 HIGH

Key Information:

Vendor

Libtiff

Status
Vendor
CVE Published:
9 March 2021

What is CVE-2020-35524?

A heap-based buffer overflow vulnerability has been identified in libtiff, triggered while the tiff2pdf tool processes TIFF images. A specially crafted TIFF file, when processed by tiff2pdf, may allow arbitrary code execution on the affected system. The flaw presents significant risk to confidentiality, integrity, and availability, so affected installations should update to a fixed libtiff release without delay.

Affected Version(s)

libtiff 4.2.0

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published (9 March 2021)

  • Vulnerability reserved