Out-of-Bounds Write in LibTIFF Due to JBIG Handling
CVE-2018-18557

8.8HIGH

Key Information:

Vendor

Libtiff

Status
Libtiff
Vendor
CVE Published:
22 October 2018

What is CVE-2018-18557?

LibTIFF versions prior to the latest updates are vulnerable to an out-of-bounds write condition when handling JBIG images. This occurs due to the decoding process not properly respecting the size of the output buffer, which can lead to memory corruption. Attackers can exploit this vulnerability to execute arbitrary code, allowing for potential system compromise. Users are urged to update their LibTIFF installations to mitigate the risks associated with this flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://usn.ubuntu.com/3864-1/
vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4349
vendor-advisoryx_refsource_DEBIAN
https://www.exploit-db.com/exploits/45694/
exploitx_refsource_EXPLOIT-DB

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.