CVE-2018-5360 — Out-of-bounds Read in Libtiff

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 36.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff Debian Tiff Graphicsmagick

Timeline

PublishedJan 14

Latest updateMay 14

Description

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlibtiff/libtiff< 4.0.6

▶debiandebian/tiff< tiff 4.0.6-3 (bookworm)

▶NVDgraphicsmagick/graphicsmagick1.3.27

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-5949-jg6x-h5jp: LibTIFF before 4↗2022-05-14

▶

OSV

CVE-2018-5360: LibTIFF before 4↗2018-01-14

▶

📋Vendor Advisories

Red Hat

LibTIFF: heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c↗2018-01-12

▶

Debian

CVE-2018-5360: tiff - LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a ...↗2018

▶

💬Community

Bugzilla

CVE-2018-5360 mingw-libtiff: LibTIFF: heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c [epel-7]↗2018-01-17

▶

Bugzilla

CVE-2018-5360 LibTIFF: heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c↗2018-01-17

▶