PT-2018-3509 · Libtiff+5 · Libtiff+5

Rookie

Published

2018-06-26

Updated

2024-06-15

CVE-2018-12900

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: LibTIFF versions 3.9.3 through 4.0.9

Description: The issue is related to a heap-based buffer overflow in the cpSeparateBufToContigBuf function, which can be exploited by remote attackers using a crafted TIFF file. This can lead to a denial of service (crash) or potentially have other unspecified impacts. The vulnerability is also associated with a buffer overflow operation that allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations: For LibTIFF versions 3.9.3 through 4.0.9, consider disabling the cpSeparateBufToContigBuf function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2019-1628

ALT-PU-2019-3143

ALT-PU-2021-2853

BDU:2020-03213

CESA-2019_2053

CESA-2019_3419

CVE-2018-12900

DLA-2009-1

DSA-4670-1

MGASA-2018-0493

OPENSUSE-SU-2018_3947-1

OPENSUSE-SU-2018_3948-1

OPENSUSE-SU-2024:11461-1

RHSA-2019:2053

RHSA-2019:3419

RHSA-2019_2053

RHSA-2019_3419

SUSE-SU-2018:3879-1

SUSE-SU-2018:3911-1

SUSE-SU-2018:3911-2

SUSE-SU-2018:3925-1

SUSE-SU-2018_3911-1

SUSE-SU-2018_3911-2

SUSE-SU-2018_3925-1

USN-3906-1

USN-3906-2

Affected Products

Alt Linux

Centos

Libtiff

Red Hat

Suse

Ubuntu

PT-2018-3509 · Libtiff+5 · Libtiff+5

CVE-2018-12900

Weakness Enumeration

Related Identifiers

Affected Products

References · 290