PublicDateAtUSN: 2020-12-31 00:00:00 UTC
Candidate: CVE-2020-35523
PublicDate: 2021-03-09 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
 https://gitlab.com/libtiff/libtiff/-/merge_requests/160
 https://ubuntu.com/security/notices/USN-4755-1
Description:
 An integer overflow flaw was found in libtiff that exists in the
 tif_getimage.c file. This flaw allows an attacker to inject and execute
 arbitrary code when a user opens a crafted TIFF file. The highest threat
 from this vulnerability is to confidentiality, integrity, as well as system
 availability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_tiff:
 upstream: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
upstream_tiff: released (4.1.0+git201212-1)
precise/esm_tiff: ignored (end of ESM support, was needs-triage)
trusty_tiff: ignored (out of standard support)
trusty/esm_tiff: needs-triage
xenial_tiff: released (4.0.6-1ubuntu0.8)
esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8)
bionic_tiff: released (4.0.9-5ubuntu0.4)
focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.1)
groovy_tiff: released (4.1.0+git191117-2ubuntu0.20.10.1)
hirsute_tiff: not-affected (4.1.0+git201212-1ubuntu1)
impish_tiff: not-affected (4.1.0+git201212-1ubuntu1)
jammy_tiff: not-affected (4.1.0+git201212-1ubuntu1)
devel_tiff: not-affected (4.1.0+git201212-1ubuntu1)