CVE-2018-15209
published 2018-08-08CVE-2018-15209: ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and…
PriorityP340high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
3.97%
89.2th percentile
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.0.9-5 (bookworm) | tiff 4.0.9-5 (bookworm) |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
vendor_redhat·2018-08-07·CVSS 8.8
CVE-2018-15209 [HIGH] CWE-122 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
Statement: Red Hat has determined that this vulnerability has a moderate severity due to a series of factors. Firstly, the attack vector necessary to successfully exploit this flaw is local, given that the attacker must rely on user interaction (by tricking or fooling them into opening a maliciously-crafted TIFF file). Secondly, the CIA impact of this vulnerability should be assumed to be Low for all three vectors, due to to the fact that a suc
Red Hat
libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
vendor_redhat·2018-08-07·CVSS 8.8
CVE-2018-16335 [HIGH] CWE-122 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
A vulnerability was found in the LibTIFF package, where a heap-based buffer overflow in the newoffsets handling of the ChopUpSingleUncompressedStrip function in tif_dirread.c can cause a denial of service.
Statement: This vulnerability is rated as moderate because it allows an attacker to cause a denial of service through a heap-based buffer overflow, exploiting this
Debian
CVE-2018-15209: tiff - ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote at...
vendor_debian·2018·CVSS 8.8
CVE-2018-15209 [HIGH] CVE-2018-15209: tiff - ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote at...
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
Scope: local
bookworm: resolved (fixed in 4.0.9-5)
bullseye: resolved (fixed in 4.0.9-5)
forky: resolved (fixed in 4.0.9-5)
sid: resolved (fixed in 4.0.9-5)
trixie: resolved (fixed in 4.0.9-5)
Debian
CVE-2018-16335: tiff - newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF...
vendor_debian·2018·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335: tiff - newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF...
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
Scope: local
bookworm: resolved (fixed in 4.0.9-5)
bullseye: resolved (fixed in 4.0.9-5)
forky: resolved (fixed in 4.0.9-5)
sid: resolved (fixed in 4.0.9-5)
trixie: resolved (fixed in 4.0.9-5)
GHSA
GHSA-hpvx-h4gg-hpc4: ChopUpSingleUncompressedStrip in tif_dirread
ghsa_unreviewed·2022-05-13
CVE-2018-15209 [HIGH] CWE-787 GHSA-hpvx-h4gg-hpc4: ChopUpSingleUncompressedStrip in tif_dirread
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
GHSA
GHSA-mrp2-rrc8-6v2w: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-16335 [HIGH] CWE-787 GHSA-mrp2-rrc8-6v2w: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
OSV
CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
osv·2018-09-02·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
OSV
CVE-2018-15209: ChopUpSingleUncompressedStrip in tif_dirread
osv·2018-08-08·CVSS 8.8
CVE-2018-15209 [HIGH] CVE-2018-15209: ChopUpSingleUncompressedStrip in tif_dirread
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
bugzilla·2018-09-03·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
A flaw was found in LibTIFF 4.0.9. The newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2809
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1624982]
Created mingw-libtiff tracking bugs for this issue:
Affects: epel-7 [bug 1624985]
Affects: fedora-all [bug 1624984]
---
openshift-enterprise-3: the following container images include versions of libtiff ranging f
Bugzilla
CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
bugzilla·2018-08-08·CVSS 6.5
CVE-2018-15209 [MEDIUM] CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2018-15209 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
bugzilla·2018-08-08·CVSS 8.8
CVE-2018-15209 [HIGH] CVE-2018-15209 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
CVE-2018-15209 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
N
Bugzilla
CVE-2018-15209 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [epel-7]
bugzilla·2018-08-08·CVSS 8.8
CVE-2018-15209 [HIGH] CVE-2018-15209 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [epel-7]
CVE-2018-15209 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussi
Bugzilla
CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
bugzilla·2018-08-08·CVSS 8.8
CVE-2018-15209 [HIGH] CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
A flaw was found in in LibTIFF 4.0.9. ChopUpSingleUncompressedStrip in tif_dirread.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted TIFF file, as demonstrated by tiff2pdf.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2808
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1614052]
Created mingw-libtiff tracking bugs for this issue:
Affects: epel-7 [bug 1614054]
Affects: fedora-all [bug 1614053]
---
Statement:
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 5, 6, and 7.
---
This issue has been addressed in the following pr
2018-08-08
Published