PT-2019-5490 · Libtiff+2

Thomas Bernard · Published 2019-02-09 · Updated 2024-06-15 · CVE-2019-7663

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

LibTIFF version 4.0.10

Description

A denial-of-service issue was discovered in the TIFFWriteDirectoryTagTransferfunction function, affecting the cpSeparateBufToContigBuf function. This issue allows remote attackers to cause a denial of service via a crafted TIFF file. The vulnerability is related to an invalid address dereference and a buffer data boundary operation.

Recommendations

No specific fix is provided for LibTIFF version 4.0.10 itself, so consider updating to a newer version that addresses this issue. As a temporary workaround, consider restricting the processing of untrusted, potentially crafted TIFF files to minimize the risk of exploitation.

Exploit

Fix

Untrusted Pointer Dereference

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-03281
CVE-2019-7663
DLA-1680-1
DSA-4670-1
MGASA-2019-0101
OPENSUSE-SU-2019:1161-1
OPENSUSE-SU-2019_1161-1
OPENSUSE-SU-2024:11461-1
SUSE-SU-2019:0786-1
SUSE-SU-2019:3058-1
USN-3906-1
USN-3906-2

Affected Products

Libtiff
Suse
Ubuntu