Main Vulnerability Database SB2019110207

SB2019110207 - Improper Adherence to Coding Standards in tiff (Alpine package)

Published: November 2, 2019

Security Bulletin ID SB2019110207

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Adherence to Coding Standards (CVE-ID: CVE-2019-10927)

CWE-ID: -

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the software does not follow certain coding rules for development. A remote authenticated attacker with network access to Port 22/TCP of an affected device can cause a denial-of-service condition.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ca4e26abdf0af7b8d12c52909a22ba4855bfc304
https://git.alpinelinux.org/aports/commit/?id=0cb0e034871173f92fea3c60c471d5c4570db3c7
https://git.alpinelinux.org/aports/commit/?id=2ab20b2c571f30cd5618eff282cb4c2d3ab364b6
https://git.alpinelinux.org/aports/commit/?id=34a8d91d0150241d45581e22442bd62d4d0134b5
https://git.alpinelinux.org/aports/commit/?id=51217eaa516ccee4fbefda489f991be72adc6c51
https://git.alpinelinux.org/aports/commit/?id=c333ac8f99726f282897b8998a2f1fc951bcdc83