漏洞信息详情
Silicon Graphics LibTIFF 输入验证错误漏洞
- CNNVD编号:CNNVD-201910-787 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2019-17546
- 漏洞类型: 输入验证错误
- 发布时间: 2019-10-13
- 威胁类型: 远程
- 更新时间: 2021-04-14
- 厂 商:
- 漏洞来源: Debian,Red Hat,Gen...
-
漏洞简介
Silicon Graphics LibTIFF是美国Silicon Graphics公司的一个读写TIFF(标签图像文件格式)文件的库。该库包含一些处理TIFF文件的命令行工具。GDAL是一款开源的地理空间数据抽象库。
Silicon Graphics 3.0.1及之前版本和其他产品中所使用的LibTIFF 4.0.10及之前版本的tif_getimage.c文件存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
参考网址
来源:gitlab.com
链接:https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
来源:github.com
链接:https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
来源:bugs.chromium.org
链接:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2020/Jan/32
来源:DEBIAN
链接:https://www.debian.org/security/2020/dsa-4670
来源:GENTOO
链接:https://security.gentoo.org/glsa/202003-25
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
来源:DEBIAN
链接:https://www.debian.org/security/2020/dsa-4608
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/
来源:www.debian.org
链接:https://www.debian.org/security/2020/dsa-4608
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161536/Red-Hat-Security-Advisory-2020-5635-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3535/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-17546
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156043/Debian-Security-Advisory-4608-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1536/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159553/Red-Hat-Security-Advisory-2020-4255-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3814/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0971/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-5/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159361/Red-Hat-Security-Advisory-2020-3902-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1207
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0319/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0222/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0691
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156747/Gentoo-Linux-Security-Advisory-202003-25.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4491/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159661/Red-Hat-Security-Advisory-2020-4264-01.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-libtiff/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3387/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162142/Red-Hat-Security-Advisory-2021-1079-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3631/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159837/Red-Hat-Security-Advisory-2020-4634-01.html
受影响实体
暂无
补丁
- Silicon Graphics LibTIFF 输入验证错误漏洞的修复措施<!--2019-10-13-->
还没有评论,来说两句吧...