PT-2018-12946 · Libtiff+5 · Libtiff+5

Marsman1996

Publicado

2018-08-08

Atualizado

2024-08-21

CVE-2018-15209

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.9

Description The issue allows remote attackers to cause a denial of service, which is a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted TIFF file. This can be demonstrated using tiff2pdf.

Recommendations For LibTIFF version 4.0.9, update to a version that fixes the issue in the ChopUpSingleUncompressedStrip function in tif dirread.c to prevent a heap-based buffer overflow and application crash. As a temporary workaround, consider restricting the processing of crafted TIFF files to minimize the risk of exploitation.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2024:5079

AZL-45063

CESA-2024_5079

CVE-2018-15209

DSA-4349-1

INFSA-2024_5079

RHSA-2024:5079

RHSA-2024_5079

RLSA-2024:5079

Produtos afetados

Almalinux

Centos

Libtiff

Red Hat

Rocky Linux

Suse

PT-2018-12946 · Libtiff+5 · Libtiff+5

CVE-2018-15209

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32