CVE-2018-8905 — Out-of-bounds Write in Tiff
Severity
8.8 HIGH (NVD)
EPSS
0.6%
top 29.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 22
Latest update: May 13
Description
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 5 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10
Patches
Vulnerability Details (2)
Vendor Advisories (4)
Community (5)
Bugzilla (2018-03-23): CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [epel-7]
Bugzilla (2018-03-23): CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]
Bugzilla (2018-03-23): CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
Bugzilla (2018-03-23): CVE-2018-8905 mingw-libtiff: libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service [fedora-all]