CVE-2020-35522
MEDIUM
libtiff - Denial of Service via Crafted TIFF in tif_pixarlog.c
Title source: llm
Description
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
References (4)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1932037
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-06
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210521-0009/
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
13.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (6)
fedoraproject/fedora 33
libtiff/libtiff < 4.2.0
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
Published
Mar 09, 2021
Tracked Since
Feb 18, 2026