CVE-2018-17795
published 2018-09-30CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and…
PriorityP341high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
4.10%
89.5th percentile
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.9-2 (bookworm) | tiff 4.0.9-2 (bookworm) |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-96fq-9mpq-xgqj: The function t2p_write_pdf in tiff2pdf
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-17795 [HIGH] CWE-787 GHSA-96fq-9mpq-xgqj: The function t2p_write_pdf in tiff2pdf
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
OSV
CVE-2018-17795: The function t2p_write_pdf in tiff2pdf
osv·2018-09-30·CVSS 8.8
CVE-2018-17795 [HIGH] CVE-2018-17795: The function t2p_write_pdf in tiff2pdf
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
Red Hat
libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()
vendor_redhat·2018-10-02·CVSS 8.8
CVE-2018-17795 [HIGH] CWE-122 libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()
libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected
Package: libtiff (Red Hat Enterprise Linux 7) - Not affected
Package: libtiff (Red Hat Enterprise Linux 8) - Not affected
Package: mingw-libtiff (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-17795: tiff - The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows rem...
vendor_debian·2018·CVSS 8.8
CVE-2018-17795 [HIGH] CVE-2018-17795: tiff - The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows rem...
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
Scope: local
bookworm: resolved (fixed in 4.0.9-2)
bullseye: resolved (fixed in 4.0.9-2)
forky: resolved (fixed in 4.0.9-2)
sid: resolved (fixed in 4.0.9-2)
trixie: resolved (fixed in 4.0.9-2)
No detection rules found.
No public exploits indexed.
http://bugzilla.maptools.org/show_bug.cgi?id=2816http://www.securityfocus.com/bid/105445https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795http://bugzilla.maptools.org/show_bug.cgi?id=2816http://www.securityfocus.com/bid/105445https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795
2018-09-30
Published