CVE-2018-12900
Published: 26 June 2018
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Notes
| Author | Note |
|---|---|
| mdeslaur | issue is in tiffcp utility |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tiff Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life, was needed)
|
| bionic |
Released
(4.0.9-5ubuntu0.2)
|
|
| cosmic |
Released
(4.0.9-6ubuntu0.2)
|
|
| trusty |
Released
(4.0.3-7ubuntu0.11)
|
|
| upstream |
Released
(4.0.10-4)
|
|
| xenial |
Released
(4.0.6-1ubuntu0.6)
|
|
|
Patches: other: https://gitlab.com/libtiff/libtiff/merge_requests/44 other: https://gitlab.com/libtiff/libtiff/merge_requests/60 upstream: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |