CVE-2019-14973Integer Overflow or Wraparound in Libtiff

CWE-190Integer Overflow or Wraparound10 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 23.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian TiffLibtiffDebian Linux+2 more
Timeline
PublishedAug 14
Latest updateFeb 2

Description

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDlibtiff/libtiff4.0.10
debiandebian/tiff< tiff 4.0.10+git190814-1 (bookworm)
NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
OSV
tiff vulnerabilities2023-02-02
GHSA
GHSA-2586-jx35-m7r7: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux2022-05-24
OSV
CVE-2019-14973: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux2019-08-14

📋Vendor Advisories

4
Ubuntu
LibTIFF vulnerabilities2023-02-02
Ubuntu
LibTIFF vulnerabilities2019-10-17
Red Hat
libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c2019-08-14
Debian
CVE-2019-14973: tiff - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mi...2019

💬Community

2
Bugzilla
CVE-2019-14973 libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c2019-08-27
Bugzilla
CVE-2019-14973 libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c [fedora-all]2019-08-27