CVE-2018-12900
Summary
| CVE | CVE-2018-12900 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-26 22:29:00 UTC |
| Updated | 2021-03-05 19:15:00 UTC |
| Description | Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-3906-1: LibTIFF vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Bug 2798 – two heap-based buffer overflow bugs in tiffcp.c of LibTIFF 4.0.9 (CVE-2018-12900) | MISC | bugzilla.maptools.org | Exploit, Issue Tracking, Third Party Advisory |
| USN-3906-2: LibTIFF vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| [SECURITY] [DLA 2009-1] tiff security update | MLIST | lists.debian.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Pocs_for_Multi_Versions/CVE-2018-12900 at main · Hack-Me/Pocs_for_Multi_Versions · GitHub | MISC | github.com | |
| Debian -- Security Information -- DSA-4670-1 tiff | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 377468 Alibaba Cloud Linux Security Update for libtiff (ALINUX2-SA-2019:0073)
- 500690 Alpine Linux Security Update for tiff
- 504459 Alpine Linux Security Update for tiff