CVE-2019-7663
Summary
| CVE | CVE-2019-7663 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-09 16:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Libtiff | Libtiff | 4.0.10 | All | All | All |
| Application | Libtiff | Libtiff | 4.0.10 | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing (802d3cbf) · Commits · libtiff / libtiff · GitLab | CONFIRM | gitlab.com | Patch, Third Party Advisory |
| Bug 2833 – There is a Segmentation fault at tiffcp.c:1245 in cpSeparateBufToContigBuf (CVE-2019-7663) | MISC | bugzilla.maptools.org | Exploit, Issue Tracking, Patch, Third Party Advisory |
| libTIFF: Multiple vulnerabilities (GLSA 202003-25) — Gentoo security | GENTOO | security.gentoo.org | |
| USN-3906-1: LibTIFF vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| [SECURITY] [DLA 1680-1] tiff security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| USN-3906-2: LibTIFF vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2019:1161-1: moderate: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-4670-1 tiff | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.