CVE-2018-16335
published 2018-09-02CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer…
PriorityP338high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
2.65%
83.7th percentile
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.0.9-5 (bookworm) | tiff 4.0.9-5 (bookworm) |
| fasterxml | jackson-databind | >= 0 < 2.4.2-3ubuntu0.1~esm2 | 2.4.2-3ubuntu0.1~esm2 |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
vendor_redhat·2018-08-07·CVSS 8.8
CVE-2018-16335 [HIGH] CWE-122 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
A vulnerability was found in the LibTIFF package, where a heap-based buffer overflow in the newoffsets handling of the ChopUpSingleUncompressedStrip function in tif_dirread.c can cause a denial of service.
Statement: This vulnerability is rated as moderate because it allows an attacker to cause a denial of service through a heap-based buffer overflow, exploiting this
Debian
CVE-2018-16335: tiff - newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF...
vendor_debian·2018·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335: tiff - newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF...
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
Scope: local
bookworm: resolved (fixed in 4.0.9-5)
bullseye: resolved (fixed in 4.0.9-5)
forky: resolved (fixed in 4.0.9-5)
sid: resolved (fixed in 4.0.9-5)
trixie: resolved (fixed in 4.0.9-5)
GHSA
GHSA-mrp2-rrc8-6v2w: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-16335 [HIGH] CWE-787 GHSA-mrp2-rrc8-6v2w: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
OSV
jackson-databind vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2018-11307 jackson-databind vulnerabilities
jackson-databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code or other unspecified impact. (CVE-2018-12022,
CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379,
CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330,
CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2
OSV
CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
osv·2018-09-02·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
bugzilla·2018-09-03·CVSS 6.5
CVE-2018-16335 [MEDIUM] CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2018-16335 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
bugzilla·2018-09-03·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
CVE-2018-16335 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
N
Bugzilla
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
bugzilla·2018-09-03·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
A flaw was found in LibTIFF 4.0.9. The newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2809
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1624982]
Created mingw-libtiff tracking bugs for this issue:
Affects: epel-7 [bug 1624985]
Affects: fedora-all [bug 1624984]
---
openshift-enterprise-3: the following container images include versions of libtiff ranging f
Bugzilla
CVE-2018-16335 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [epel-7]
bugzilla·2018-09-03·CVSS 8.8
CVE-2018-16335 [HIGH] CVE-2018-16335 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [epel-7]
CVE-2018-16335 mingw-libtiff: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussi
2018-09-02
Published