Description
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
References (4)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1932034
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-06
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210521-0009/
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
22.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (5)
fedoraproject/fedora
33
libtiff/libtiff
< 4.2.0
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
Published
Mar 09, 2021
Tracked Since
Feb 18, 2026