Upstream information
Description
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.SUSE information
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 6.82 | 4.30 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network | Network |
| Access Complexity | Medium | Medium |
| Authentication | None | None |
| Confidentiality Impact | Partial | None |
| Integrity Impact | Partial | None |
| Availability Impact | Partial | Partial |
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 7.8 | 5.3 |
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Access Vector | Local | Network |
| Access Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | Required | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | High | None |
| Integrity Impact | High | None |
| Availability Impact | High | Low |
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry: 1033113 [NEW] No SUSE Security Announcements cross referenced.List of packages in QA
| Product(s) | Package(s) |
|---|---|
| SUSE Linux Enterprise Desktop 12 SP2 |
|
| SUSE Linux Enterprise Server 12 SP2 |
|
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 |
|
| SUSE Linux Enterprise Software Development Kit 12 SP2 |
|
