Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-18557Out-of-bounds Write in Libtiff

CWE-787Out-of-bounds Write10 documents8 sources
Severity
8.8HIGHNVD
EPSS
24.5%
top 3.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Debian TiffCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedOct 22
Latest updateMay 13

Description

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibtiff/libtiff4.0.9
debiandebian/tiff< tiff 4.0.9+git181026-1 (bookworm)

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

2
GHSA
GHSA-p963-j6qf-rp28: LibTIFF 32022-05-13
OSV
CVE-2018-18557: LibTIFF 32018-10-22

💥Exploits & PoCs

1
Exploit-DB
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer2018-10-25

📋Vendor Advisories

4
Ubuntu
LibTIFF vulnerabilities2019-03-18
Ubuntu
LibTIFF vulnerabilities2019-01-22
Red Hat
libtiff: Out-of-bounds write in tif_jbig.c2018-10-14
Debian
CVE-2018-18557: tiff - LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6...2018

💬Community

2
Bugzilla
CVE-2018-18557 libtiff: Out-of-bounds write in tif_jbig.c [fedora-all]2018-10-30
Bugzilla
CVE-2018-18557 libtiff: Out-of-bounds write in tif_jbig.c2018-10-30