PT-2023-4821 · Libtiff+1 · Libtiff+1

Rookie

Publicado

2021-10-03

Atualizado

2023-11-06

CVE-2020-18768

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libtiff version 4.0.10

Description The issue is related to a heap buffer overflow in the TIFFmemcpy function in tif unix.c of the libtiff library. This allows an attacker to cause a denial-of-service through a crafted tiff file. The vulnerability is associated with writing beyond the buffer boundaries in memory, which can be exploited to disrupt service.

Recommendations For libtiff version 4.0.10, consider disabling the TIFFmemcpy function as a temporary workaround until a patch is available. Restrict access to crafted tiff files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

AZL-43876

AZL-44271

BDU:2023-05284

CVE-2020-18768

DLA-2777-1

OPENSUSE-SU-2023_4370-1

SUSE-SU-2023:4370-1

SUSE-SU-2023:4371-1

SUSE-SU-2023_4370-1

SUSE-SU-2023_4371-1

Produtos afetados

Suse

Libtiff

PT-2023-4821 · Libtiff+1 · Libtiff+1

CVE-2020-18768

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 38