Buffer Overflow Vulnerability in LibTIFF Affects Remote Users
CVE-2018-17795

8.8HIGH

Key Information:

Vendor

Libtiff

Status
Libtiff
Vendor
CVE Published:
30 September 2018

What is CVE-2018-17795?

The vulnerability in the t2p_write_pdf function within tiff2pdf.c of LibTIFF versions up to 4.0.9 allows remote attackers to exploit crafted TIFF files. This can lead to a denial of service through heap-based buffer overflow, potentially causing application crashes and posing additional risks to system integrity.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2816
x_refsource_MISC
http://www.securityfocus.com/bid/105445
vdb-entryx_refsource_BID
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/m...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.