CVE-2018-8905
published 2018-03-22CVE-2018-8905: In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
PriorityP343high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
3.10%
86.1th percentile
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.0.9-6 (bookworm) | tiff 4.0.9-6 (bookworm) |
| libtiff | libtiff | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hjgx-w465-2m2j: In LibTIFF 4
ghsa_unreviewed·2022-05-13
CVE-2018-8905 [HIGH] CWE-787 GHSA-hjgx-w465-2m2j: In LibTIFF 4
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
OSV
CVE-2018-8905: In LibTIFF 4
osv·2018-03-22·CVSS 8.8
CVE-2018-8905 [HIGH] CVE-2018-8905: In LibTIFF 4
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Red Hat
file: stack-based buffer over-read in do_core_note in readelf.c
vendor_redhat·2019-02-18·CVSS 6.5
CVE-2019-8905 [MEDIUM] CWE-125 file: stack-based buffer over-read in do_core_note in readelf.c
file: stack-based buffer over-read in do_core_note in readelf.c
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
A vulnerability was found in the "File" project where a stack-based buffer over-read exists in the do_core_note function within readelf.c of libmagic.a, by using a specially crafted file the attacker could access sensitive information or cause a denial of service.
Statement: This vulnerability is rated as Moderate severity because it allows a stack-buffer over-read in the do_core_note funtion within readelf.c in libmagic.a. This issue, realted to file_printable, may lead to application crashes or exposure of sensitive information.
Package: file (Red Hat Enterpris
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2019-01-22
CVE-2018-10963 LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
vendor_redhat·2018-03-17·CVSS 8.8
CVE-2018-8905 [HIGH] CWE-122 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Will not fix
Package: libtiff (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-8905: tiff - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeC...
vendor_debian·2018·CVSS 8.8
CVE-2018-8905 [HIGH] CVE-2018-8905: tiff - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeC...
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Scope: local
bookworm: resolved (fixed in 4.0.9-6)
bullseye: resolved (fixed in 4.0.9-6)
forky: resolved (fixed in 4.0.9-6)
sid: resolved (fixed in 4.0.9-6)
trixie: resolved (fixed in 4.0.9-6)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c
bugzilla·2019-02-20·CVSS 6.5
CVE-2019-8905 [MEDIUM] CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c
do_core_note in readelf.c in libmagic in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
Upstream patch:
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
References:
https://bugs.astron.com/view.php?id=63
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8905.html
Discussion:
Created file tracking bugs for this issue:
Affects: fedora-all [bug 1679182]
Bugzilla
CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [epel-7]
bugzilla·2018-03-23·CVSS 8.8
CVE-2018-8905 [HIGH] CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [epel-7]
CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
bugzilla·2018-03-23·CVSS 8.8
CVE-2018-8905 [HIGH] CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: t
Bugzilla
CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
bugzilla·2018-03-23·CVSS 8.8
CVE-2018-8905 [HIGH] CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
LibTIFF since version 3.9.0 is vulnerable to a heap-based buffer overflow in the
tif_lzw.c:LZWDecodeCompat() function. An attacker could exploit this to cause a
denial of service via crafted TIF file.
Upstream Issue:
http://bugzilla.maptools.org/show_bug.cgi?id=2780
Additional References:
https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1559705]
Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1559706]
Affects: epel-7 [bug 1559707]
---
Any updates on this defect?
---
What kind of updates are you looking for?
---
Maybe I can
Bugzilla
CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
bugzilla·2018-03-23·CVSS 8.8
CVE-2018-8905 [HIGH] CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit me
http://bugzilla.maptools.org/show_bug.cgi?id=2780https://access.redhat.com/errata/RHSA-2019:2053https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflowhttps://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27dhttps://lists.debian.org/debian-lts-announce/2018/05/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2018/05/msg00009.htmlhttps://lists.debian.org/debian-lts-announce/2018/07/msg00002.htmlhttps://usn.ubuntu.com/3864-1/https://www.debian.org/security/2018/dsa-4349http://bugzilla.maptools.org/show_bug.cgi?id=2780https://access.redhat.com/errata/RHSA-2019:2053https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflowhttps://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27dhttps://lists.debian.org/debian-lts-announce/2018/05/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2018/05/msg00009.htmlhttps://lists.debian.org/debian-lts-announce/2018/07/msg00002.htmlhttps://usn.ubuntu.com/3864-1/https://www.debian.org/security/2018/dsa-4349
2018-03-22
Published