PT-2019-5490 · Libtiff+2

Thomas Bernard

Published: 2019-02-09

Updated: 2024-06-15

CVE-2019-7663

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.0.10

Description: A denial-of-service issue was discovered in the TIFFWriteDirectoryTagTransfer function, affecting the cpSeparateBufToContigBuf function. This issue allows remote attackers to cause a denial of service via a crafted TIFF file. The vulnerability is related to an invalid address dereference and a buffer data boundary operation.

Recommendations: For LibTIFF version 4.0.10, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. As a temporary workaround, consider restricting the use of crafted TIFF files to minimize the risk of exploitation.

Exploit

Fix

Untrusted Pointer Dereference

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related identifiers

BDU:2020-03281
CVE-2019-7663
DLA-1680-1
DSA-4670-1
MGASA-2019-0101
OPENSUSE-SU-2019:1161-1
OPENSUSE-SU-2019_1161-1
OPENSUSE-SU-2024:11461-1
SUSE-SU-2019:0786-1
SUSE-SU-2019:3058-1
USN-3906-1
USN-3906-2

Affected products

Libtiff
Suse
Ubuntu