CVE-2018-12900

Published: 26 June 2018

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	artful	Needed
	bionic	Released (4.0.9-5ubuntu0.2)
	cosmic	Released (4.0.9-6ubuntu0.2)
	precise	Released (3.9.5-2ubuntu1.12)
	trusty	Released (4.0.3-7ubuntu0.11)
	upstream	Released (4.0.10-4)
	xenial	Released (4.0.6-1ubuntu0.6)

Notes

Author	Note
mdeslaur	issue is in tiffcp utility

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›