PT-2023-4821 · Libtiff+1 · Libtiff+1

Rookie

Published

2021-10-03

Updated

2023-11-06

CVE-2020-18768

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libtiff version 4.0.10

Description The issue is related to a heap buffer overflow in the TIFFmemcpy function in tif unix.c of the libtiff library. This allows an attacker to cause a denial-of-service through a crafted tiff file. The vulnerability is associated with writing beyond the buffer boundaries in memory, which can be exploited to disrupt service.

Recommendations For libtiff version 4.0.10, consider disabling the TIFFmemcpy function as a temporary workaround until a patch is available. Restrict access to crafted tiff files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

AZL-43876

AZL-44271

BDU:2023-05284

CVE-2020-18768

DLA-2777-1

OPENSUSE-SU-2023_4370-1

SUSE-SU-2023:4370-1

SUSE-SU-2023:4371-1

SUSE-SU-2023_4370-1

SUSE-SU-2023_4371-1

Affected Products

Suse

Libtiff

PT-2023-4821 · Libtiff+1 · Libtiff+1

CVE-2020-18768

Weakness Enumeration

Related Identifiers

Affected Products

References · 38