CVE-2018-12900
Published: 26 June 2018
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Notes
Author | Note |
---|---|
mdeslaur | issue is in tiffcp utility |
Priority
Status
Package | Release | Status |
---|---|---|
tiff Launchpad, Ubuntu, Debian |
artful |
Needed
|
bionic |
Released
(4.0.9-5ubuntu0.2)
|
|
cosmic |
Released
(4.0.9-6ubuntu0.2)
|
|
trusty |
Released
(4.0.3-7ubuntu0.11)
|
|
upstream |
Released
(4.0.10-4)
|
|
xenial |
Released
(4.0.6-1ubuntu0.6)
|
|
Patches: other: https://gitlab.com/libtiff/libtiff/merge_requests/44 other: https://gitlab.com/libtiff/libtiff/merge_requests/60 upstream: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |