CVE-2018-12900 — Out-of-bounds Write in Tiff

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow CWE-190 — Integer Overflow or Wraparound CWE-822 — Untrusted Pointer Dereference18 documents7 sources

Severity

8.8HIGHNVD

NVD6.5

EPSS

9.9%

top 6.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Canonical Ubuntu Linux Debian Linux +2 more

Timeline

PublishedJun 26

Latest updateMay 13

Description

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlibtiff/libtiff4.0.10, 4.0.9+1

▶debiandebian/tiff< tiff 4.0.10-4 (bookworm)

▶NVDopensuse/leap15.0

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-26x4-fg42-26fj: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite↗2022-05-13

▶

GHSA

GHSA-v933-8xv5-c5mm: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp↗2022-05-13

▶

OSV

CVE-2019-7663: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite↗2019-02-09

▶

OSV

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp↗2018-06-26

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2019-03-18

▶

Ubuntu

LibTIFF vulnerabilities↗2019-03-12

▶

Debian

CVE-2019-7663: tiff - An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfu...↗2019

▶

Red Hat

libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference↗2018-12-18

▶

Red Hat

libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution↗2018-06-26

▶

💬Community

Bugzilla

CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference↗2019-02-15

▶

Bugzilla

CVE-2018-12900 mingw-libtiff: libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution [epel-7]↗2018-06-27

▶

Bugzilla

CVE-2018-12900 libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution [fedora-all]↗2018-06-27

▶

Bugzilla

CVE-2018-12900 mingw-libtiff: libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution [fedora-all]↗2018-06-27

▶

Bugzilla

CVE-2018-12900 libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution↗2018-06-27

▶