Out-of-Bounds Write in LibTIFF Due to JBIG Handling
CVE-2018-18557

8.8HIGH

Key Information:

Vendor: Libtiff
Status: Libtiff
Vendor: CVE Published:; 22 October 2018

What is CVE-2018-18557?

LibTIFF versions prior to the latest updates are vulnerable to an out-of-bounds write condition when handling JBIG images. This occurs due to the decoding process not properly respecting the size of the output buffer, which can lead to memory corruption. Attackers can exploit this vulnerability to execute arbitrary code, allowing for potential system compromise. Users are urged to update their LibTIFF installations to mitigate the risks associated with this flaw.

References

https://usn.ubuntu.com/3864-1/

vendor-advisoryx_refsource_UBUNTU

https://www.debian.org/security/2018/dsa-4349

vendor-advisoryx_refsource_DEBIAN

https://www.exploit-db.com/exploits/45694/

exploitx_refsource_EXPLOIT-DB

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2018
Vulnerability Reserved
Oct 22, 2018

Libtiff

What is CVE-2018-18557?

References

EPSS Score

CVSS V3.1

Timeline