PT-2018-2513 · Libtiff+4 · Libtiff+4

Thomas Dullien

Published

2018-10-13

Updated

2024-06-15

CVE-2018-18557

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF versions 3.9.3 through 4.0.9

Description The issue is related to the JBIGDecode function in the LibTIFF library, which decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. This leads to an out-of-bounds write in the tif jbig.c JBIGDecode function. The exploitation of this issue may allow an attacker to cause a denial of service or execute arbitrary code using specially crafted image files.

Recommendations For LibTIFF versions 3.9.3 through 4.0.9, consider disabling the JBIG functionality until a patch is available. As a temporary workaround, restrict the use of the JBIGDecode function in the tif jbig.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2019-00884

CESA-2019_2053

CVE-2018-18557

DLA-1557-1

DSA-4349-1

MGASA-2018-0493

OPENSUSE-SU-2018_3947-1

OPENSUSE-SU-2018_3948-1

OPENSUSE-SU-2024:11461-1

RHSA-2019:2053

RHSA-2019_2053

SUSE-SU-2018:3911-1

SUSE-SU-2018:3911-2

SUSE-SU-2018:3925-1

USN-3864-1

USN-3906-2

Affected Products

Centos

Libtiff

Red Hat

Suse

Ubuntu

PT-2018-2513 · Libtiff+4 · Libtiff+4

CVE-2018-18557

Weakness Enumeration

Related Identifiers

Affected Products

References · 161