CVE-2019-7663 — Integer Overflow or Wraparound in Tiff

CWE-190 — Integer Overflow or Wraparound CWE-822 — Untrusted Pointer Dereference11 documents8 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.7%

top 28.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Canonical Ubuntu Linux Debian Linux +2 more

Timeline

PublishedFeb 9

Latest updateDec 7

Description

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlibtiff/libtiff4.0.10

▶debiandebian/tiff< tiff 4.0.10-4 (bookworm)

▶NVDopensuse/leap15.0

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: bugzilla.maptools.org ↗Patch: gitlab.com ↗Patch: bugzilla.maptools.org ↗

🔴Vulnerability Details

GHSA

GHSA-26x4-fg42-26fj: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite↗2022-05-13

▶

OSV

CVE-2019-7663: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite↗2019-02-09

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2019-03-18

▶

Ubuntu

LibTIFF vulnerabilities↗2019-03-12

▶

Debian

CVE-2019-7663: tiff - An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfu...↗2019

▶

Red Hat

libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference↗2018-12-18

▶

📄Research Papers

arXiv

Make out like a (Multi-Armed) Bandit: Improving the Odds of Fuzzer Seed Scheduling with T-Scheduler↗2023-12-07

▶

💬Community

Bugzilla

CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference↗2019-02-15

▶

Bugzilla

CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference [fedora-all]↗2019-02-15

▶

Bugzilla

CVE-2018-12900 libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution [fedora-all]↗2018-06-27

▶