CVE-2018-12900

Published: 26 June 2018

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Priority

Low

CVSS 3 base score: 8.8

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release    Status
artful     Needed
bionic     Released (4.0.9-5ubuntu0.2)
cosmic     Released (4.0.9-6ubuntu0.2)
precise    Released (3.9.5-2ubuntu1.12)
trusty     Released (4.0.3-7ubuntu0.11)
upstream   Released (4.0.10-4)
xenial     Released (4.0.6-1ubuntu0.6)