PT-2018-13498 · Libtiff+1 · Libtiff+1

Marsman1996

Publicado

2018-09-02

Atualizado

2024-06-15

CVE-2018-16335

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.9

Description The issue is related to the handling of newoffsets in the ChopUpSingleUncompressedStrip function in tif dirread.c, which can be exploited by remote attackers using a crafted TIFF file. This can cause a denial of service due to a heap-based buffer overflow, leading to an application crash, and potentially have other unspecified impacts.

Recommendations For LibTIFF version 4.0.9, consider updating to a newer version that addresses this issue, as using crafted TIFF files can lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

AZL-45291

CVE-2018-16335

DSA-4349-1

OPENSUSE-SU-2018_3370-1

OPENSUSE-SU-2018_3371-1

OPENSUSE-SU-2024:11461-1

SUSE-SU-2018:3289-1

SUSE-SU-2018:3327-1

SUSE-SU-2018:3391-1

Produtos afetados

Libtiff

Suse

PT-2018-13498 · Libtiff+1 · Libtiff+1

CVE-2018-16335

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 71