LibTIFF Image Processing Tool Vulnerability by TIF and LibTIFF
CVE-2018-17100

8.8HIGH

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
16 September 2018

Summary

A vulnerability in LibTIFF 4.0.9 allows for a potential Denial of Service (DoS) attack via specially crafted image files. This is due to an int32 overflow occurring in the multiply_ms function within the ppm2tiff tool, making it possible for an attacker to influence the behavior of the software and possibly cause a crash. It is important for users and administrators to be aware of this issue and apply the necessary updates to mitigate any risks associated with this vulnerability.

References

https://usn.ubuntu.com/3864-1/
vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/10/msg0...
mailing-listx_refsource_MLIST
http://bugzilla.maptools.org/show_bug.cgi?id=2810
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.