PT-2018-13498 · Libtiff+1 · Libtiff+1

Marsman1996

Published

2018-09-02

Updated

2024-06-15

CVE-2018-16335

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.9

Description The issue is related to the handling of newoffsets in the ChopUpSingleUncompressedStrip function in tif dirread.c, which can be exploited by remote attackers using a crafted TIFF file. This can cause a denial of service due to a heap-based buffer overflow, leading to an application crash, and potentially have other unspecified impacts.

Recommendations For LibTIFF version 4.0.9, consider updating to a newer version that addresses this issue, as using crafted TIFF files can lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

AZL-45291

CVE-2018-16335

DSA-4349-1

OPENSUSE-SU-2018_3370-1

OPENSUSE-SU-2018_3371-1

OPENSUSE-SU-2024:11461-1

SUSE-SU-2018:3289-1

SUSE-SU-2018:3327-1

SUSE-SU-2018:3391-1

Affected Products

Libtiff

Suse

PT-2018-13498 · Libtiff+1 · Libtiff+1

CVE-2018-16335

Weakness Enumeration

Related Identifiers

Affected Products

References · 71