{"api_version":"1","generated_at":"2026-04-23T16:54:31+00:00","cve":"CVE-2018-12900","urls":{"html":"https://cve.report/CVE-2018-12900","api":"https://cve.report/api/cve/CVE-2018-12900.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-12900","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-12900"},"summary":{"title":"CVE-2018-12900","description":"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-06-26 22:29:00","updated_at":"2021-03-05 19:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/3906-1/","name":"USN-3906-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3906-1: LibTIFF vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:2053","name":"RHSA-2019:2053","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2798","name":"http://bugzilla.maptools.org/show_bug.cgi?id=2798","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"Bug 2798 – two heap-based buffer overflow bugs in tiffcp.c of LibTIFF 4.0.9 (CVE-2018-12900)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3906-2/","name":"USN-3906-2","refsource":"UBUNTU","tags":[],"title":"USN-3906-2: LibTIFF vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html","name":"[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2009-1] tiff security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:3419","name":"RHSA-2019:3419","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900","name":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900","refsource":"MISC","tags":[],"title":"Pocs_for_Multi_Versions/CVE-2018-12900 at main · Hack-Me/Pocs_for_Multi_Versions · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4670","name":"DSA-4670","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4670-1 tiff","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-12900","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12900","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"4.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12900","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"4.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-12900","qid":"377468","title":"Alibaba Cloud Linux Security Update for libtiff (ALINUX2-SA-2019:0073)"},{"cve":"CVE-2018-12900","qid":"500690","title":"Alpine Linux Security Update for tiff"},{"cve":"CVE-2018-12900","qid":"504459","title":"Alpine Linux Security Update for tiff"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-12900","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://bugzilla.maptools.org/show_bug.cgi?id=2798","refsource":"MISC","url":"http://bugzilla.maptools.org/show_bug.cgi?id=2798"},{"name":"USN-3906-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3906-1/"},{"refsource":"UBUNTU","name":"USN-3906-2","url":"https://usn.ubuntu.com/3906-2/"},{"refsource":"REDHAT","name":"RHSA-2019:2053","url":"https://access.redhat.com/errata/RHSA-2019:2053"},{"refsource":"REDHAT","name":"RHSA-2019:3419","url":"https://access.redhat.com/errata/RHSA-2019:3419"},{"refsource":"MLIST","name":"[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"},{"refsource":"DEBIAN","name":"DSA-4670","url":"https://www.debian.org/security/2020/dsa-4670"},{"refsource":"MISC","name":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900","url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"}]}},"nvd":{"publishedDate":"2018-06-26 22:29:00","lastModifiedDate":"2021-03-05 19:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"12900","Ordinal":"129547","Title":"CVE-2018-12900","CVE":"CVE-2018-12900","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"12900","Ordinal":"1","NoteData":"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"12900","Ordinal":"2","NoteData":"2018-06-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"12900","Ordinal":"3","NoteData":"2021-03-05","Type":"Other","Title":"Modified"}]}}}