* CVE-2020-35524 Description: "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
* CVE-2020-35523 Description: "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
* CVE-2020-35522 Description: "In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack."
* CVE-2020-35521 Description: "A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service."
New GLSA request filed.
This issue was resolved and addressed in GLSA 202104-06 at https://security.gentoo.org/glsa/202104-06 by GLSA coordinator Thomas Deutschmann (whissi).