Heap-based Buffer Overflow in LibTIFF Affects Multiple Versions
CVE-2018-12900

8.8HIGH

Key Information:

Vendor: Libtiff
Status: Libtiff
Vendor: CVE Published:; 26 June 2018

What is CVE-2018-12900?

The vulnerability is a heap-based buffer overflow in the cpSeparateBufToContigBuf function within tiffcp.c of the LibTIFF library. This flaw affects multiple versions of LibTIFF and allows remote attackers to exploit it by crafting specific TIFF files. Successful exploitation may lead to denial of service conditions, including application crashes, as well as potential unforeseen impacts due to the nature of memory manipulation. The affected versions span from 3.9.3 up to 4.0.9, highlighting a significant risk for users reliant on LibTIFF for image processing.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2798

x_refsource_MISC

https://usn.ubuntu.com/3906-1/

vendor-advisoryx_refsource_UBUNTU

https://usn.ubuntu.com/3906-2/

vendor-advisoryx_refsource_UBUNTU

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2018
Vulnerability Reserved
Jun 26, 2018

Libtiff

What is CVE-2018-12900?

References

EPSS Score

CVSS V3.1

Timeline