Out-of-Bounds Write Vulnerability in LibTIFF Affecting Multiple Versions
CVE-2018-17101

8.8HIGH

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
16 September 2018

Summary

An issue in LibTIFF version 4.0.9 involves two out-of-bounds writes in the handle of cpTags, specifically within the files tools/tiff2bw.c and tools/pal2rgb.c. This vulnerability can be exploited using specially crafted image files, resulting in a denial of service through application crashes. The potential impact may extend to other unspecified effects, making it a significant concern for users relying on this library for image processing.

References

https://gitlab.com/libtiff/libtiff/merge_requests/33/diff...
x_refsource_MISC
https://usn.ubuntu.com/3864-1/
vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/105370
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.