CVE-2018-18557

Published: 22 October 2018

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	bionic	Released (4.0.9-5ubuntu0.1)
	cosmic	Released (4.0.9-6ubuntu0.1)
	precise	Released (3.9.5-2ubuntu1.12)
	trusty	Released (4.0.3-7ubuntu0.10)
	upstream	Released (4.0.9+git181026-1)
	xenial	Released (4.0.6-1ubuntu0.5)
	Patches: upstream: https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
https://ubuntu.com/security/notices/USN-3864-1
https://ubuntu.com/security/notices/USN-3906-2
NVD
Launchpad
Debian

Bugs

https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911635

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›