CVE-2018-12900
Published: 26 June 2018
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Priority
Low
CVSS 3 base score: 8.8
Status
| Package | Release | Status |
|---|---|---|
|
tiff Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.0.10-4)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.0.9-5ubuntu0.2)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.0.6-1ubuntu0.6)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.0.3-7ubuntu0.11)
|
|
|
Patches: Other: https://gitlab.com/libtiff/libtiff/merge_requests/44 Other: https://gitlab.com/libtiff/libtiff/merge_requests/60 Upstream: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01 |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | issue is in tiffcp utility |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
- https://usn.ubuntu.com/usn/usn-3906-1
- https://usn.ubuntu.com/usn/usn-3906-2
- NVD
- Launchpad
- Debian